Confusion in the Linux world, patches introduce vulnerabilities in the kernel: Is something rotten in Minnesota?

A “Case“It simply came to our notice then Linux community This at least causes debate for its integrity. Over there University of Minnesota (UMN) “Prohibited“, That is, it can no longer participate in kernel development by proposing reefs. University researchers deliberately sent vulnerable codes to a vulnerable branch of the kernel.

This is not a far-fetched accusation, but a documented one, which refers to a research paper. “Open Source Insecurity: Stealthily introduces vulnerabilities through insidious committees“e Released in February Researchers at the University of Minnesota have deliberately introduced security holes (specifically) Use for free) On the main branch of the Linux kernel. It is an act for research purposes, but it does not go down well with those who work every day to make the open source world more secure and reliable.

The problem is, after the publication of this article, researchers from the University of Minnesota sent it Another wave of reefs Automatically generated by standard analysis tool. The content of these committees turned out to be useless. As they say, it’s the classic straw that breaks the camel’s back because the caretakers found it wasting precious time to check the code without art or part. As a result Greg Grova-Hartman decided Drop Cleaver, preventing university researchers from contributing to the kernel in any way.

“A few minutes with someone who has knowledge of the C language leads you to realize that your contributions do nothing, so thinking that a tool created them and then thinking that they are the perfect” debug “is totally indifferent to your part, not ours. Being is not our job … for this reason, right now I want to ban future contributions from your university and remove previous contributions, Because they were presented in bad faith with the intention of creating problems “.

Therefore all commitments have been removed from um umn.edu addresses, Because the university has done nothing to prevent researchers from continuing to go their own way. “Committees from bad umn.edu addresses have been submitted in ‘bad faith’ to try to test the community’s ability to review for harmful changes in the kernel. For this reason, all submissions should be removed from this group. They need to be reconsidered to determine if they are really a viable solution“Hartman explained to the community.” Until the job is done, [rimuoveremo] These changes are to ensure that no issues are introduced on the index site, ”he said Done Grova-Hartman.

Screen: Sleeping computer

Can the story end here? not at all. UMN researcher Aditya Bucky Asked the caretaker to avoid charges The extent of slander. “Greg, I respectfully request that you stop and drop the barbaric accusations that slander is the limit. These links were submitted as part of a new standard analyzer I wrote, the sensitivity of which is not obvious. I submitted the reprimands in the hope that I would get some feedback. We are not experts in the Linux kernel and it is disgusting to repeat these claims. Apparently, we made a mistake, but Your prejudices are so strong that you make unwarranted accusations or give us any benefit of the doubt.. I will attach a threatening approach not only to those who no longer like it, but also to newcomers and non-experts. “

Grova-Hartmann responded briefly. “If you want to work like this, I suggest you find another community to run your experiments, you are not welcome here“. Last act? No, the debate has affected the community, in favor of (many) and against (some).

He is Brad Spengler, president of Open Source Security Inc. Limited Excessive reaction from Linux kernel maintainers. “[…] Disable actions submitted before any search and remove added CAP_SYS_ADMIN checks … this is crazy. […] Are you deliberately reintroducing dozens of vulnerabilities to ‘take a stand’? Let’s go, ”Ha Spengler wrote on Twitter.

Gerd Floyd de Red Hot It looks different. “It’s worse than being the subject of an experiment; going to the grocery store and cutting the brake lines on all the cars (outside, version) to see how many people you have is like saying you’re a ‘safety inspector’. They crash when they exit. It’s very immoral.”