Academics face backlash after trying to sneak dodgy code into Linux

A couple of computer scientists at the University of Minnesota riled up veteran Linux kernel developers by intentionally submitting questionable code to the mainline kernel.

The scientists introduced what are known as use-after-free bugs into the kernel for the purposes of their research, aptly titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits."

The paper describes how the authors submitted dubious code that would introduce error conditions into the kernel. The researchers claim they subsequently contacted Linux maintainers to prevent any of their code ending up in the official kernel release.

• Here are the best Linux laptops for running Linux
• Check our list of the best Linux distros for developers
• Also take a look at the best laptops for programming

However, a new round of patches from other scientists at the university, which again appeared deceptive, was enough to exasperate Greg Kroah-Hartman.

"Our community does not appreciate being experimented on, and being 'tested' by submitting known patches that either do nothing on purpose, or introduce bugs on purpose," wrote Kroah-Hartman.

Off limits

The intent of the original paper was apparently to highlight the shortcomings in the development process of the Linux kernel. However, it was a new set of deceptive patches that ticked off Kroah-Hartman.

"So what am I supposed to think here, other than that you and your group are continuing to experiment on the kernel community developers by sending such nonsense patches,” he remarked.

But he didn’t stop there. He backed up his threat of asking the researchers to find a different community to run their experiments on, banning all future contributions from anyone at the University of Minnesota. 

Then he went one step further and proposed to purge all the contributions to the Linux kernel made from official University of Minnesota email addresses. 

Last heard, the proposal had been accepted, but the debate rages on. While repeatedly running experiments on the kernel in the name of research shouldn’t be tolerated, developers are divided on the severity of Kroah-Hartman blanket ban. 

• Subscribe to Linux Format magazine for more Linux and open source goodness

Via The Register

from TechRadar - All the latest technology news https://ift.tt/3tCPfX3