Qiushi Wu, a doctoral student in computer science and engineering at the American college, and Kangjie Lu, assistant professor at the school, penned a paper titled, "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits" [PDF], which is slated to be presented at the Proceedings of the 42nd IEEE Symposium on Security and Privacy next month.
The paper describes how the authors submitted what's described as subtly subversive code contributions that would introduce error conditions into the operating system software, and it claims the researchers subsequently contacted Linux maintainers to prevent any bad code ending up in an official release of the kernel.
https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/
https://thehackernews.com/2021/04/minnesota-university-apologizes-for.html
Linuxiin yritettiin ujuttaa huonoa koodia.
Ei kommentteja:
Lähetä kommentti