Linux review board says rogue researchers did not successfully insert buggy patches into kernel
Linux kernel will publish best practices for researchers working with the kernel community
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
TheLinux Foundation’s Technical Advisory Board (TAB) has prepared a report to summarize the“Hypocrite Commits” rowafter a thorough review of all University of Minnesota (UNM) submissions found that none of the buggy code made it to the mainlineLinuxkernel.
Prepared by TAB with patch review help from several kernel developers,the reportsummarizes the events that led to a call for a review of all submissions from UNM, along with the findings of the review.
Senior kernel developer Greg Kroah-Hartman asked the community to stop accepting patches from UNM and to review all of their previous contributions after catching UNM researchers deliberately sending compromised code submissions to the kernel.
This incident was preceded by a similar attempt last year by UNM researchers to inject buggy code for their research project.
Kroah-Hartman asked for the UNM ban and code review when he saw another round of doggy patches from the university in April 2021, assuming the resumption of the 2020 experiment.
Regaining trust
The important takeaway from the entire incident however is that none of the buggy code made it into the kernel.
“All patch submissions that were invalid were caught, or ignored, by the Linux kernel developers and maintainers. Our patch-review processes worked as intended when confronted with these malicious patches,” finds the TAB report.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The report concluded by reiterating the strong ties between the kernel and the academic institutions, after all the kernel started as Linus Torvalds’ university project.
TAB suggests that going forward UNM should consider getting all its submissions reviewed by an experienced developer, which is a review process that’s followed by many companies that contribute to the kernel.
“Until such a review process is put into place, it will be difficult to re-establish the trust between UMN and the kernel community, and patches from UMN will continue to find a chilly reception.”
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
iStorage Group acquires Kanguru Solutions as it looks to expand security offering
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
