9/23/2023

Submitting to Linux kernel

Heimdahl and Terveen will issue a report about the incident as soon as they can, saying: "We will report our findings back to the community as soon as practical. We will investigate the research method and the process by which this research method was approved, determine appropriate remedial action, and safeguard against future issues, if needed." "We have immediately suspended this line of research." "We take this situation extremely seriously." "The research method used raised serious concerns in the Linux kernel community and, as of today, this has resulted in the University being banned from contributing to the Linux kernel."

The university's Mats Heimdahl and Loren Terveen, head and deputy head respectively of the university's Department of Computer Science, put out a media statement after the story broke, saying: "Leadership in the University of Minnesota Department of Computer Science & Engineering learned today about the details of research being conducted by one of its faculty members and graduate students into the security of the Linux kernel."

Torvalds added: "It's also annoying, because most of the patches are valid (and the ones that aren't are generally 'useless' rather than 'actively malicious'), so it's basically a huge waste of people's time to now go over those things again just because one source has shown itself to not be above board."

"Because of this, I will now have to ban all future contributions from your University and rip out your previous contributions, as they were obviously submitted in bad-faith with the intent to cause problems."

submit your changes in an appropriate format (the output of diff -up for Linux), make sure the patch can be cleanly applied (and works) on the latest software (Linux kernel) version, include test cases that demonstrate both the problem you're addressing and how your patch solves it, and.
"When submitting patches created by a tool, everyone who does so submits them with wording like 'found by tool XXX, we are not sure if this is correct or not, please advise.' which is NOT what you did here at all," he wrote.

It claimed to explore the possibility of stealthily introducing vulnerabilities in open-source software, in this case the Linux kernel.

Despite these provocations, Kroah-Hartman used polite language in responding to Pakki and the university. The university's Qiushi Wu and Kangjie Lu published the paper in question, which is titled "On the feasibility of stealthily introducing vulnerabilities in open-source software via hypocrite commits". Kroah-Hartman told the university's Aditya Pakki that the buggy patches had been sent to see how the kernel community would react, so that some others at the same institution could write a research paper.

into submitting kernel patches and working with the Linux kernel community. Start by formatting the relevant patches from the Linux tree. Linux Kernel Development details the design and implementation of the Linux.

The reaction from the tech community in this particular case also shows the global anti-Huawei sentiment, which has been spurred in recent years by countless security issues in the company's products, accusations of intellectual property theft, accusations of hiding secret backdoors in its firmware, and the West's fear of having the Chinese government spy on worldwide communications via the ever-popular Huawei equipment.

"I don't think it has been a huge deal _technically_, but people are pissed off, and it's obviously a breach of trust."

How to backport kernel patches: First, the patch should be submitted upstream to netdev. You must respect the submission guidelines of the Linux Kernel.

A report by the UK government last year found that Huawei networking equipment was riddled with security flaws that often went years without receiving patches.

Patches should be sent to our mptcp-dev mailing list.
The fact that a Huawei employee wrote code that contains security flaws is nothing new. "It is only the demo code used by an individual for technical discussion with the open source community Openwall," Huawei said.

An update was also added to the HKSP project on Monday, with the Huawei employee adding a similar disclaimer. The company said the project was created and submitted to the Linux kernel project by the engineer, without its formal backing, and the HKSP code was never actually used in any of the official Huawei products.

The kernel is the part of the system that handles the hardware, allocates resources like memory pages and CPU cycles, and usually is responsible for the file.