Minnesota University Apologizes for Contributing Malicious Code to the Linux Project
Apr 26, 2021
Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a subject of our research, and to waste its effort reviewing these patches without its knowledge or permission," assistant professor Kangjie Lu, along with graduate students Qiushi Wu and Aditya Pakki, said in an email. "We did that because we knew we could not ask the maintainers of Linux for permission, or they would be on the lookout for the hypocrite patches," they added. The apology comes over a study into what's called "hypocrite commits," which was published earlier this February. The project aimed to deliberately add use-after-free vulnerabil...