Lemmy.eus
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
sseneca@lemmy.ml to Linux@lemmy.ml · 4 years ago

University of Minnesota banned from contributing to Linux kernel, previous contributions also removed

lore.kernel.org

external-link
message-square
18
fedilink
63
external-link

University of Minnesota banned from contributing to Linux kernel, previous contributions also removed

lore.kernel.org

sseneca@lemmy.ml to Linux@lemmy.ml · 4 years ago
message-square
18
fedilink
Re: [PATCH] SUNRPC: Add a check for gss_release_msg - Greg KH
lore.kernel.org
external-link
alert-triangle
You must log in or # to comment.
  • AgreeableLandscape@lemmy.mlM
    link
    fedilink
    arrow-up
    22
    ·
    4 years ago

    The first rule of pentesting is to get goddamn permission before you exploit something. Come to think of it, what they did is probably federally illegal under computer abuse law.

  • AgreeableLandscape@lemmy.mlM
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    4 years ago

    Here’s the researcher’s response:

    https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/

    And the paper that started it:

    https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

    Judge for yourself, but I definitely don’t think it’s a good look.

    • shilangyu (lemmur)@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      4 years ago

      University of Minnesota issued a statement: https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021

      • shilangyu (lemmur)@lemmy.ml
        link
        fedilink
        arrow-up
        6
        ·
        4 years ago

        Probably a good idea to subscribe to this issue: https://github.com/QiushiWu/qiushiwu.github.io/issues/1

  • lorabe@lemmy.ml
    link
    fedilink
    arrow-up
    13
    arrow-down
    1
    ·
    4 years ago

    An entire institution banned thanks to these guys.

    Sounds kinda excessive and at the same time adequate.

    • AgreeableLandscape@lemmy.mlM
      link
      fedilink
      arrow-up
      10
      ·
      4 years ago

      I imagine they don’t want the possibility of the researcher just getting a new academic email and continuing to do it. Also, it forces the university to react since the researcher clearly isn’t willing to stop judging by their responses.

      • lorabe@lemmy.ml
        link
        fedilink
        arrow-up
        9
        ·
        4 years ago

        I’ve been reading the messages and it’s totally embarrassing, i can’t believe someone is messing with a kernel installed on thousands of millions of devices just to create an academic paper.

        TWICE, they were trying to do it AGAIN.

  • lordofbud@lemmy.ml
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    4 years ago

    Sounds like a reasonable response to a bad faith actor.

  • TheAnonymouseJoker@lemmy.ml
    link
    fedilink
    arrow-up
    11
    arrow-down
    3
    ·
    4 years ago

    Based and Tuxpilled

  • joojmachine@lemmy.ml
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    4 years ago

    I have no idea what happened, I just know it was brutal. Damn.

    • otso@lemmy.ml
      link
      fedilink
      arrow-up
      19
      ·
      4 years ago

      Hot damn! I don’t know the specific patches, but according to the email (tl:dr;) a team at University of Minnesota was submitting patches they knew were broken to “test” how the kernel team responded. They had apparently published papers on it.

    • Subversivo@lemmy.ml
      link
      fedilink
      arrow-up
      16
      ·
      4 years ago

      Link tells whole story. They submitted buggy patches to see how devs would react and published a paper on it. Now, they submitted buggy patches again.

      • joojmachine@lemmy.ml
        link
        fedilink
        arrow-up
        10
        ·
        4 years ago

        So they were being either extremely stupid or extremely rotten by keeping giving the kernel devs more work debugging bad code?

        • Subversivo@lemmy.ml
          link
          fedilink
          arrow-up
          15
          ·
          4 years ago

          Giving other work and making them look bad if they fail to spot errors to personal academic gains. Yes, extremely rotten.

          Don’t know how ethics committees work on US, but this is the thing that should never be allowed to pass them.

      • otso@lemmy.ml
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        4 years ago

        Oh hey, yours went through as I was typing, my bad.

        • Subversivo@lemmy.ml
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          4 years ago

          No problem, mate.

  • wick3dr0se@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    Tell me this didn’t go live and get installed on anyone’s system

  • Dreeg Ocedam@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    4 years ago

    I’m guessing they’re forcing the hand of the university to do something about it, and then will unban the university except the few who worked on the patches.

    They don’t want to bother investigating/punishing so they expect the university to do it for them.

    It would seem unfair to ban the whole university forever.

Linux@lemmy.ml

linux@lemmy.ml

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@lemmy.ml

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

  • !opensource@lemmy.ml
  • !libre_culture@lemmy.ml
  • !technology@lemmy.ml
  • !libre_hardware@lemmy.ml

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1.34K users / day
  • 3.34K users / week
  • 7.31K users / month
  • 17.7K users / 6 months
  • 24 local subscribers
  • 56.1K subscribers
  • 6.94K Posts
  • 119K Comments
  • Modlog
  • mods:
  • nooter692@lemmy.ml
  • AgreeableLandscape@lemmy.ml
  • MarcellusDrum@lemmy.ml
  • Arthur Besse@lemmy.ml
  • Cyclohexane@lemmy.ml
  • d3Xt3r@lemmy.nz
  • BE: 0.19.7
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org