The university of Minnesota has been banned from contributing to Linux kernel by one of its maintainers after researchers from the school apparently knowingly submitted the code with security flaws. Earlier this year, two researchers from the university released a paper detail on how they had submitted known security vulnerabilities to the Linux kernel in order to show how malicious code could get through the approval process.
Now, after another student from the university submitted code that reportedly does nothing, kernel maintainer and Linux Foundation fellow Greg Kroah-Hartman has released a statement calling for all kernel maintainers to reject any code submissions from anyone using a umn.edu email address. In addition to not accepting any new code from the university, all of the code submitted in the past is being removed and re-reviewed. It seems like it will be a massive amount of work, but Kroah-Hartman has made it clear that the developer community doesn't appreciate "being experimented on" and that all of the code from the university has been called into question due to the research. The university has put out a statement, saying it's been made aware of the research and its subsequent ban from contributing. It says it has suspended that line of research and will be investigating how the study was approved and carried out. In a statement meant to clarify the study, the researchers said they intended to bring attention to issues with the submission process - mainly, the fact. that bugs, including the ones that were potentially maliciously crafted, could slip through.
0 Comments