University Banned From Contributing To Linux Kernel For Intentionally Inserting Bugs

  • lkucharczyk
    Junior Member
    • Apr 2021
    • 1

    #11
    Also from the paper:
    A. Ethical Considerations
    Ensuring the safety of the experiment. In the experiment, we aim to demonstrate the practicality of stealthily introducing vulnerabilities through hypocrite commits. Our goal is not to introduce vulnerabilities to harm OSS. Therefore, we safely conduct the experiment to make sure that the introduced UAF bugs will not be merged into the actual Linux code.
    Seems like they failed, no?


    • Murdock2525
      Junior Member
      • Dec 2020
      • 4

      #12
      Penguins seen burning all over MiniSoder ! PLM coming !


      • slowee
        Junior Member
        • Feb 2019
        • 14

        #13
        What is ethics in research? Is it not important anymore?


        • karolherbst
          Senior Member
          • Aug 2012
          • 697

          #14
          Originally posted by Setif:
          Good Research paper, It exposes a lot of issues in Large Open Source Projects.
          Instead of focusing on their deeds, they should focus on resolving those issues by introducing new strict policies for contributing code to a very sensitive project like Linux kernel.
          ehhh no.... that's not how this works. Even if you do this, you have to prevent those patches from actually getting in by saying "sorry guys, but this patch is doing something terribly bad and we just wanted to see how far we would get" after they got queued up in some subsystem tree or something.

          Research can't simply ignore morals and ethics. Hence "tests" on animals and humans are very restricted and you always have to prove there is no better way. _proof_, not just saying there is nothing better.


          • pazns
            Junior Member
            • Jan 2020
            • 7

            #15
            It's the new "It's a prank, bro"?
            Research paper version.


            • simonsaysthis
              Junior Member
              • Jun 2019
              • 17

              #16
              Originally posted by schmidtbag:
              lol well there goes that university's credibility. Though looking into them, seems all they really got going for them is pumping out SJWs, so.... yeah.

              I'm curious about what some of the other patches are that will be removed.
              Ironically, comments using SMS language and unrelated clichés like "SJWs" don't have any credibility either.


              • kpedersen
                Senior Member
                • Jul 2012
                • 2698

                #17
                In university environments, an ethics checklist for any research needs to be signed off by the "ethics champion" or the ethics board.

                I wouldn't be surprised if this uncovers a much deeper issue here. Whoever signed off on this has either done a very poor job or the students have committed an academic offense (by not submitting an ethics request).

                Either way, seeding known errors in an open-source project isn't big or clever. If you did similar in a commercial repo, you would be disciplined and fired. Just because open-source projects don't pay you a wage and can't fire you doesn't make them any more or less susceptible.
                Last edited by kpedersen; 21 April 2021, 09:07 AM.


                • Siuoq
                  Senior Member
                  • May 2013
                  • 126

                  #18
                  I am pretty sure that any tests against kernel security are most welcome. They just don't need bad code.


                  • om26er
                    Phoronix Member
                    • Mar 2013
                    • 52

                    #19
                    Now imagine if the same contributions were made by a Chinese university...


                    • kpedersen
                      Senior Member
                      • Jul 2012
                      • 2698

                      #20
                      Originally posted by om26er:
                      Now imagine if the same contributions were made by a Chinese university...
                      To be fair, the authors of the paper (behind this intentional defect) sound to be Chinese: Qiushi Wu and Kangjie Lu

                      https://github.com/QiushiWu/QiushiWu...Insecurity.pdf

                      So I don't think it would really have made a difference. Anyone is allowed to commit to the kernel.

                      Unless you mean that it would have started an uproar that a certain nation's university is banned from contributing? Then yeah, you are probably right.
                      Last edited by kpedersen; 21 April 2021, 09:16 AM.
