Minnesota University Apologizes for Contributing Malicious Code to the Linux Project

Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project’s code, which led to the school being banned from contributing to the open-source project in the future.

“While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a subject of our research, and to waste its effort reviewing these patches without its knowledge or permission,” assistant professor Kangjie Lu, along with graduate students Qiushi Wu and Aditya Pakki, said in an email.

“We did that because we knew we could not ask the maintainers of Linux for permission, or they would be on the lookout for the hypocrite patches,” they added.

password auditor

The apology comes over a study into what’s called “hypocrite commits,” which was published earlier this February. The project aimed to deliberately add use-after-free vulnerabilities to the Linux kernel in the name of security research, apparently in an attempt to highlight how potentially malicious code could sneak past the approval process, and as a consequence, suggest ways to improve the security of the patching…


Have a comment? Type it below!