Linux Foundation bans American university for deliberately introducing bugs


Linux Foundation fellow Greg Kroah-Hartman has banned an American university from contributing patches to the Linux kernel. This is because researchers at the university allegedly attempted to deliberately add vulnerabilities to the kernel.

The decision is confirmed in a discussion on the Linux mailing list, as Phoronix also noted. The University of Minnesota researchers already published a report in February on “the feasibility of introducing vulnerabilities in open source software unnoticed.” The researchers wanted to investigate how the kernel community would respond to these bugs in the kernel.

More recently, the group of researchers sent a new batch of patches to the kernel, which the researchers say stemmed from a static analysis tool. The researcher said he sent the patches in the hope of getting feedback. However, Kroah-Hartman writes in a response on the Linux mailing list that the patches are questionable and do not add value to the kernel.

“They’re clearly not made by any static analysis tool of any intelligence, as they’re all the result of completely different patterns, and they all clearly don’t even fix anything,” Kroah-Hartman writes. “A few minutes with someone who has even the slightest bit of knowledge of C can see your submissions do nothing at all.”

The Linux Foundation fellow further writes that kernel contributions from the University of Minnesota are no longer welcome, and that all previous patches from the researchers will be rolled back. In a follow-up to the Linux mailing list, Greg Kroah-Hartman confirms that all of the researchers’ previous patches, several of which have also reached the stable branch, are indeed being rolled back.
