Announcement

Collapse
No announcement yet.

University Banned From Contributing To Linux Kernel For Intentionally Inserting Bugs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Also from the paper:
    A. Ethical Considerations
    Ensuring the safety of the experiment. In the experiment,we aim to demonstrate the practicality of stealthily introducing vulnerabilities through hypocrite commits. Our goal is not to introduce vulnerabilities to harm OSS. Therefore, we safely conduct the experiment to make sure that the introduced UAF bugs will not be merged into the actual Linux code.
    Seems like they failed, no?

    Comment


    • #12
      Penguins seen burning all over MiniSoder ! PLM coming !

      Comment


      • #13
        What is ethic in research ? Is it not important anymore ?

        Comment


        • #14
          Originally posted by Setif View Post
          Good Research paper, It exposes a lot of issues in Large Open Source Projects.
          Instead of focusing on their deeds, they should focus on resolving those issues by introducing new strict policies for contributing code to a very sensitive project like Linux kernel.
          ehhh no.... that's not how this works. Even if you do this, you have to prevent those patches to actually getting in by saying "sorry guys, but this patch is doing something terribly bad and we just wanted to see how far we would get" after they got queued up in some subsystem tree or something.

          Research can't simply ignore moral and ethics. Hence "tests" on animals and humans are very restricted and you always have to proof there is no better way. _proof_ not just saying there is nothing better.

          Comment


          • #15
            It's the new "It's a prank, bro" ?
            Research paper version.

            Comment


            • #16
              Originally posted by schmidtbag View Post
              lol well there goes that university's credibility. Though looking into them, seems all they really got going for them is pumping out SJWs, so.... yeah.

              I'm curious about what some of the other patches are that will be removed.
              Ironically, comments using SMS language and unrelated clich├ęs like "SWJs", don't have any credibility either.

              Comment


              • #17
                In university environments, an ethics checklist for any research needs to be signed off by the "ethics champion" or the ethics board.

                I wouldn't be surprised if this uncovers a much deeper issue here. Whoever signed off on this has either done a very poor job or the students have committed an academic offense (by not submitting an ethics request).

                Either way, seeding known errors in an open-source project isn't big or clever. If you did similar in a commercial repo, you would be diciplined and fired. Just because open-source projects don't pay you a wage and can't fire you doesn't make them any more or less susceptible.
                Last edited by kpedersen; 21 April 2021, 09:07 AM.

                Comment


                • #18
                  I am pretty sure, that any tests against kernel security are most welcomed. They just don't need bad code.

                  Comment


                  • #19
                    Now imagine if the same contributions were made by a Chinese university...

                    Comment


                    • #20
                      Originally posted by om26er View Post
                      Now imagine if the same contributions were made by a Chinese university...
                      To be fair, the authors of the paper (behind this intentional defect) sound to be Chinese: Qiushi Wu and Kangjie Lu

                      https://github.com/QiushiWu/QiushiWu...Insecurity.pdf

                      So I don't think it would really have made a difference. Anyone is allowed to commit to the kernel.

                      Unless you mean that it would have started an uproar that a certain nations university is banned from contributing? Then yeah, you are probably right
                      Last edited by kpedersen; 21 April 2021, 09:16 AM.

                      Comment

                      Working...
                      X