Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.

Here is your daily dose of WTF. Linux Kernel developer Greg Kroah-Hartman has called out "researchers" from the University of Minnesota and banned them from submitting code to the Linux Kernel.

This story is pretty wild and completely ridiculous. In the name of some apparent research and a written paper titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits", the people involved have now been called out on "sending known-buggy patches to see how the kernel community would react to them".

Part of it goes further, as patches have continued to roll in after the paper was published so they are "continuing to experiment on the kernel community developers by sending such nonsense patches" with the patches not actually doing anything at all. Kroah-Hartman certainly wasn't holding back:

Our community does not appreciate being experimented on, and being "tested" by submitting known patches that are either do nothing on purpose, or introduce bugs on purpose. If you wish to do work like this, I suggest you find a different community to run your experiments on, you are not welcome here.

Because of this, I will now have to ban all future contributions from your University and rip out your previous contributions, as they were obviously submitted in bad-faith with the intent to cause problems.

In a further post Kroah-Hartman sent in a patch to revert a bunch of changes done from the group, so they can go over them fully to ensure they're safe and actually do something.

From a certain point of view, it's nice to know that the Kernel team are good at picking up malicious code and attempts to introduce bugs - but doing this to such a huge important project, live and in the open in the name of research? That's just not right.

Update: so the plot thickens it seems! Sarah Jamie Lewis, the Executive Director of Open Privacy, pointed out on Twitter (be sure to read the thread) that they and others expressed concerns about it in 2020 in a co-signed letter to the IEEE S&P (IEEE Symposium on Security and Privacy). It really doesn't look good.

Update 2: Leadership in the University of Minnesota Department of Computer Science & Engineering department released a statement on Twitter, noting that it has suspended the research and will be looking into how it got approved in the first place.

Article taken from GamingOnLinux.com.
Tags: Kernel, Misc
39 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
43 comments
Page: 1/5»
  Go to:

Lofty Apr 21, 2021
Everyday we step closer to the brink of idiocracy.
Alm888 Apr 21, 2021
I have a research proposition: let's get ourselves a pharmaceutical company and force this company to introduce poison in some of its medications and distribute those poisoned drugs trough common distribution network. In the name of research, of course! I think we must determine the pharmaceutical industry's ability to identify and block malicious drugs!

HINT: That was a sarcasm.


Last edited by Alm888 on 21 April 2021 at 5:16 pm UTC
Photon Apr 21, 2021
Quoting: Alm888I have a research proposition: let's get ourselves a pharmaceutical company and force this company to introduce poison in some of its medications and distribute those poisoned drugs trough common distribution network. In the name of research, of course! I think we must determine the pharmaceutical industry's ability to identify and block malicious drugs!

Have you seen the list of side effects on drugs? I think pharma's do that on their own.
Mohandevir Apr 21, 2021
So, following that logic, we are better served with closed source proprietary code that got well know unpatched and exploited flaws for years... Yeah right!

Edit: Wondering who paid for this non-sense "research"? Could we follow the money, please?


Last edited by Mohandevir on 21 April 2021 at 5:33 pm UTC
Lachu Apr 21, 2021
Sorry, but my English knowledge is poor.
Are these patches introduced to mainline/merged?
Lachu Apr 21, 2021
I will subscribe.
ElectricPrism Apr 21, 2021
Good. Introducing intentionally defective code into the kernel is criminal. Don't fuck with my FOSS. GTFO.
Alm888 Apr 21, 2021
Quoting: Photon
Quoting: Alm888I have a research proposition: let's get ourselves a pharmaceutical company and force this company to introduce poison in some of its medications and distribute those poisoned drugs trough common distribution network. In the name of research, of course! I think we must determine the pharmaceutical industry's ability to identify and block malicious drugs!

Have you seen the list of side effects on drugs? I think pharma's do that on their own.
1) Those are documented side effects;
2) Sadly, no drug is flawless (no panacea was invented yet).
What those "researchers" have done was experimenting on unwitting victims with possible lethal "side-effects".
Quoting: MohandevirSo, following that logic, we are better served with closed source proprietary code that got well know unpatched and exploited flaws for years... Yeah right!

Edit: Wondering who paid for this non-sense "research"? Could we follow the money, please?
What mind-bending yoga has made you to come to this conclusion? Since when prohibiting "scientific" rm -rf /* patches leads to "closed source proprietary code" propaganda?
There are other means of code audition/inspection/scrutiny than willful injection of malicious code into working industry-level software possibly managing critical infrastructure objects like hospitals, nuclear power plants, stock exchange servers or ship navigation systems.
It is all joy and games only until someone gets killed due to this kind of "research".


Last edited by Alm888 on 21 April 2021 at 5:45 pm UTC
Mohandevir Apr 21, 2021
Quoting: ElectricPrismGood. Introducing intentionally defective code into the kernel is criminal. Don't fuck with my FOSS. GTFO.

Oh! I would like to see the Linux Foundation sueing the Minnesota University... Getting my Pop Corn ready!


Last edited by Mohandevir on 21 April 2021 at 5:52 pm UTC
ElectricPrism Apr 21, 2021
Quoting: Mohandevir
Quoting: ElectricPrismGood. Introducing intentionally defective code into the kernel is criminal. Don't fuck with my FOSS. GTFO.

Oh! I would like to see the Linux Foundation sueing the Minnesota Unniversity... Getting my Pop Corn ready!

Find penalty laws of "fucking with nuclear facilities" and "hospitals" and I'm sure there could be a pretty long list of felonies drawn up.

Honestly, I wouldn't mind seeing the EFF sue the shit out of them.

(Oops I didn't mean to Poison the water of the Children's Hospital and Old Folks Homes, "It was just a paper bro")


Last edited by ElectricPrism on 21 April 2021 at 5:54 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.