University Banned From Contributing To Linux Kernel For Intentionally Inserting Bugs

  • #61
    Originally posted by oiaohm

    That idea of a professor doing malicious commits then having undergrad students fix them is not a legal method in most countries. It's criminal under sabotage or treason depending on the country. Treason you can end up dead for it.
    This is definitely not Treason in the United States.

    • #62
      Originally posted by bug77

      Can you imagine the shitstorm heading GKH's way if some of the banned researchers are in some sort of minority...
      I'd like to see that. Companies backing up those cries also need to explain how injecting vulnerabilities into their products is a good thing.

      • #63
        Originally posted by User42
        It's just like saying "let's not try to break AES because people depend on it".
        How? Everyone already knows it's possible for bugs to slip inside the kernel.
        Everyone knows some of the bugs will remain in the kernel for extremely long periods before they get detected/fixed.
        Unless they really intended to flood the kernel with bugs (to get statistically meaningful results), what new does this "research" teach us?

        • #64
          This is a very interesting issue. Is it ethical? Probably not. Does it expose pretty much what Steve Ballmer screamed about at Microsoft for years? 100% Yes!

          The question is how do you validate contributor's trustworthiness in a community that champions total freedom of contribution? In closed source everyone contributing can be 100% managed and vetted.

          I wonder how many of these bugs have been introduced by external forces that did not write papers about it?

          Now... should this university be banned? Probably, but I would say not for this paper... but rather the other extraneous spamming they are apparently doing by generating and adding patches of absolutely no value.

          Something like this though should really have the whole Linux community re-evaluate how "trustworthiness" is defined, monitored and enforced in key projects like the Kernel.

          Linux at least has a huge body of resources to help with this. Something like this is probably a much bigger issue/warning to groups like FreeBSD that are used in a few critical infrastructure pieces, but do not have as many resources to ensure "trustworthiness" in their code.

          • #65
            Originally posted by drjohnnyfever
            This is definitely not Treason in the United States.
            In the USA it's sabotage, but it can become Treason if the exploit you have added by the sabotage gets classed as giving aid to an enemy to attack USA government systems. So sorry, you are wrong with the "it's not definitely not Treason". In the USA it's definitely sabotage, with the possibility of a treason prosecution depending on the results of the sabotage. You have to remember the Linux kernel is used in critical government systems, so things can take a very big turn for the worse legally very quickly.

            With those bringing up China: the same stunt in China is always treason, which has vastly worse results for anyone who attempts it.
            Last edited by oiaohm; 21 April 2021, 01:46 PM.

            • #66
              Originally posted by zexelon
              The question is how do you validate contributor's trustworthiness in a community that champions total freedom of contribution? In closed source everyone contributing can be 100% managed and vetted.
              https://www.workforce.com/news/sabot...-an-inside-job
              What you have stated here is a false idea. In closed source you can still have your sabotaging parties that can be very hard to find.
              https://en.wikipedia.org/wiki/The_Mo...alian_season_1)
              Over the years there have been a lot of experiments with internal sabotage; even when you know it's there, finding the right party is very hard.

              The Linux kernel with git history is keeping a very detailed log of who added what. Microsoft with Windows is using git internally because their prior solution did not have enough tracking information to find internal sabotage.

              How do you validate trustworthiness of code is a very hard problem. Does not need parties messing about.

              • #67
                Originally posted by oiaohm
                In the USA it's sabotage, but it can become Treason if the exploit you have added by the sabotage gets classed as giving aid to an enemy to attack USA government systems. So sorry, you are wrong, it's not definitely not Treason. In the USA it's definitely sabotage, with the possibility of a treason prosecution depending on the results of the sabotage. You have to remember the Linux kernel is used in critical government systems, so things can take a very big turn for the worse legally very quickly.

                With those bringing up China: the same stunt in China is always treason, which has vastly worse results for anyone who attempts it.
                The last time someone was convicted of Treason in the United States was 1952 over events that happened in World War II, and eventually the sentence was commuted. If your interpretations of Treason law were at all reasonable one would expect there to be at least a single historical example.

                For clarity, in the US treason is specifically 'limited to levying war against the US, or adhering to their enemies, giving them aid and comfort.'

                • #68
                  Excellent choice. Who keeps vigil on the safety of Linux patches?

                  • #69
                    Why does the word "assholes" come to my mind?

                    • #70
                      Originally posted by drjohnnyfever
                      The last time someone was convicted of Treason in the United States was 1952 over events that happened in World War II, and eventually the sentence was commuted. If your interpretations of Treason law were at all reasonable one would expect there to be at least a single historical example.
                      No, the conditional requirements: "depending on the results of the sabotage" is key, and "giving aid to an enemy". In World War II the enemy was clearly defined, so Treason charges are more possible. The law is still on the books for Treason in the USA, but it's hard to prosecute due to the requirements in the current day and since World War II. Sabotage is a lot more simple. The China version of Treason allows for Sabotage of government property to be prosecuted without confirming an enemy, because you doing the sabotage was the enemy.

                      The reason for the lack of recent historic treason examples in the USA is the lack of a clearly defined enemy. Something to remember: a code modification might sit in place with a flaw for a decade+ before being found; by then the USA could be at war with a party that is a clearly defined enemy and could be in the mood again to use the Treason charge. Remember the Linux kernel has kept detailed records of who submitted what. So being noticed and removed is technically saving their hide against future risk.
