故意向Linux內核提交漏洞被全線拉黑?華人教授行爲引衆怒

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Linus Torvalds"},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" 應該要氣炸了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"近日,Linux內核穩定分支的維護者Greg Kroah-Hartman將美國明尼蘇達大學(UMN)拉入了“黑名單”,禁止其向主線Linux內核提交補丁,原因是UMN故意提交有安全影響的可疑代碼,並以研究的名義進行其他“實驗”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"並非第一次引起爭議"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"前段時間,明尼蘇達大學計算機科學與工程專業的博士生Qiushi Wu(本科爲中國科學技術大學)和該學院的助理教授Kangjie Lu(本科爲北京大學)撰寫了一篇旨在提高OSS中修補過程安全性的論文,題爲“"},{"type":"link","attrs":{"href":"https:\/\/github.com\/QiushiWu\/QiushiWu.github.io\/blob\/main\/papers\/OpenSourceInsecurity.pdf","title":null,"type":null},"content":[{"type":"text","text":"On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"據悉,Qiushi Wu在2018年獲得了中國科學技術大學信息科學與工程系的學士學位,研究方向是程序分析技術在Linux內核等操作系統上的應用。Qiushi Wu在今年2月份將上述論文上傳到GitHub上(目前已經刪除),並計劃在5月份舉行的第42屆IEEE安全與隱私研討會上針對該論文進行討論。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"該論文探索了在開源項目的補丁程序中藏匿安全漏洞的可能性,希望指導維護團隊更科學地衡量此類補丁、正確做出合併判斷。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"在研究中,研究團隊用實驗來演示引入漏洞補丁的實用性,該行爲被認爲會在操作系統軟件中引入錯誤條件。而且在論文中,他們公開了將漏洞插入Linux內核及其他開源項目的可行方法,並表示向各類開源項目的漏洞植入成功率已經接近60%。這些在當時就引發了很大的安全爭議。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/5c\/5cd898fc7b7563d4b80725c925e0b4a6.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" 對此,Qiushi Wu在去年12月15日也做出了"},{"type":"link","attrs":{"href":"https:\/\/www-users.cs.umn.edu\/~kjlu\/papers\/clarifications-hc.pdf","title":null,"type":null},"content":[{"type":"text","text":"解釋"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"。“我們沒有也不打算在Linux內核中引入任何錯誤或漏洞。所有引入錯誤的補丁只在電子郵件交流中保留,並沒有被採用或合併到任何Linux分支中,這是由維護者明確確認的。因此,在任何Linux分支中,郵件中引入錯誤的補丁甚至都沒有變成Git提交。沒有Linux用戶會受到影響。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"同時,Qiushi Wu也表示,該實驗已通過了UMN的機構審查委員會(IRB)審查,該委員會確定該項目不涉及人類研究,因此沒有再進行倫理審查。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"但最近,明尼蘇達大學的研究人員又提交了新一輪的補丁,這些補丁聲稱來自“一個新的靜態分析器”,這引起了Greg的反感,並將整個明尼蘇達大學拉入黑名單。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"“我一直想這麼做,但最近的事件終於迫使我這麼做了。”Greg表示。對此,明尼蘇達大學計算機科學與工程專業博士生Aditya Pakki表示很氣憤,並向Greg發郵件表示:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Greg,我謹請你停止這些誹謗性的野蠻指控。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這些補丁是作爲我編寫的新靜態分析器的一部分發送的,顯然它的靈敏度不高。我提交了補丁,希望能得到反饋。我們不是Linux內核方面的專家,但(你)反覆發表這些聲明令人討厭。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這顯然是一個錯誤的步驟,但是你先入爲主的偏見如此強烈,以至於你提出的指控毫無根據,也沒有帶來任何正向、有益的反饋。由於不但不受歡迎而且還會嚇到新手和非專家,因此我將不再提交補丁。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"而Greg也在回覆的"},{"type":"link","attrs":{"href":"https:\/\/lore.kernel.org\/linux-nfs\/YH%2FfM%[email protected]\/","title":null,"type":null},"content":[{"type":"text","text":"電子郵件"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"中強調,錯在明尼蘇達大學,社區不是其測試對象:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你和你的團隊已經公開承認發送了已知的錯誤補丁,以查看內核社區對它們的反應,並基於此發表了一篇論文。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在你又提交了一系列明顯錯誤的補丁,我該怎麼看待這件事情呢?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這些補丁顯然不是由任何一個有智能的靜態分析工具創建的,因爲它們都是完全不同的模式的結果,而且所有這些顯然都沒有修復任何東西。那麼,除了你和你的團隊繼續通過提交這種毫無意義的補丁來對內核社區的開發者進行試驗之外,我還能想到什麼?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"任何對C語言有一定了解的人,用點時間都可以看出來你們提交的補丁根本沒有任何作用,所以認爲一個工具創造了這些補丁,然後你認爲它們是有效的 \"修復\",這完全是你們的疏忽,不是我們的。錯在你們,我們的工作不是成爲你創造的工具的測試對象。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們社區不喜歡被試驗,也不喜歡通過提交已知的補丁被“測試”,這些補丁要麼是故意不做什麼,要麼是故意引入bug。如果你想做這樣的研究,我建議你找其他社區,你在這裏是不受歡迎的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"因此,我現在不得不禁止你的大學今後的所有貢獻,並剔除掉你以前的貢獻,因爲它們顯然是以惡意的方式提交的,目的是造成問題。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"在此之後,UMN計算機科學官方也通過"},{"type":"link","attrs":{"href":"https:\/\/twitter.com\/UMNComputerSci\/status\/1384948683821694976","title":null,"type":null},"content":[{"type":"text","text":"Twitter"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"發佈了以下聲明,表示該研究項目已被暫停,並計劃調查該項目的批准程序,以確定是否需要採取補救措施和可能的保障措施。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"今天,明尼蘇達大學計算機科學與工程學系的領導瞭解到一位教職員工和研究生正在研究Linux內核的安全性的詳細信息。由於所使用的研究方法引起了Linux 內核社區的強烈關注,導致截至目前爲止本大學被禁止爲Linux Kernel做出任何貢獻。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們對此非常重視,並立即中止了這一研究。我們將對該研究的方法和批准流程做相應的調查,確定適當的補救措施,並在需要時採取措施防止未來可能發生的問題。我們會盡快將調查結果報告給社區。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Mats Heimdahl,部門主管"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Loren Terveen,部門副主管"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.geekbang.org\/infoq\/1a\/1aa43f08576415bec29f768fc7711288.png","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"浪費社區時間還是有價值的研究?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Linux內核是迄今爲止規模最大的軟件開發項目之一,目前其代碼總量已經達到2800餘萬。Linux內核維護團隊每天都要接受來自世界各地、不同領域的貢獻者們提交的大量補丁,並在將成果正式合併前對內容進行審覈。明尼蘇達大學研究團隊的行爲無疑遭到了Linux貢獻者和維護人員的強烈譴責。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"在Linux內核方面擁有豐富經驗的開發人員"},{"type":"link","attrs":{"href":"https:\/\/lore.kernel.org\/linux-nfs\/[email protected]\/","title":null,"type":null},"content":[{"type":"text","text":"Leon Romanovsky"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"發現後立即表示要求明尼蘇達大學停止提交已知無效的補丁,“這是在浪費我們的時間。”甚至有網友表示,這篇論文故意誤導,試圖誇大其貢獻。“學術界的很多人只是爲了拿到證書而已。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"位於美國波士頓的東北大學計算機科學副教授"},{"type":"link","attrs":{"href":"https:\/\/lore.kernel.org\/linux-nfs\/[email protected]\/","title":null,"type":null},"content":[{"type":"text","text":"Abhi Shelat"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"表示,“學術研究不應該浪費社區的時間。如果你覺得這項研究值得做,應該聯繫UMN的機構審查委員會。”Shelat同時敦促Linux社區成員嚮明尼蘇達大學的IRB提出質疑,以確定該實驗是否得到了充分的審查。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"針對這點,Qiushi Wu在之前的解釋中也表示,這項工作確實了浪費了維護人員的時間,雖然仔細考慮過這個問題,但沒有找到更好的解決方案,但團隊將通過精簡補丁等方式在努力避免該問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"不過,也有Linux內核社區之外的開發人員認爲,大家應該關注的是Linux內核代碼的安全性問題,而非研究人員的“滑稽”行爲。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"如果UNM沒有引起任何注意,它們是否會被發現?其他惡意行爲者是否有做過這樣的事情而沒有被抓住?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"“這似乎表明任何黑客組織或個人可以將自己的攻擊行爲置於內核中。假設他們貢獻了99.9%的有用代碼,解決了實際問題,在幾年內建立了信任,並且很少編寫難以察覺的惡意漏洞。然後,每個人都認爲那些漏洞只是普通的錯誤。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"Google密碼學和軟件工程師"},{"type":"link","attrs":{"href":"https:\/\/twitter.com\/FiloSottile\/status\/1384883910039986179?s=20","title":null,"type":null},"content":[{"type":"text","text":"Filipo Valsorda"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"在推特上表示,就像Linux內核維護者說他們無法確定補丁是否是惡意的,因此必須依靠電子郵件地址域名。比起譴責學者,是否基於確定的代碼正確性做出信任決定應該是更值得關注的問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"盧塔安全公司(Luta Security)首席執行官凱蒂•穆蘇里斯(Katie Moussouris)也表達了類似的看法,稱這種反應是“情緒上的過度反應”,並認爲這些發現從國家安全角度來看是有價值的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"經過激烈的爭論之後,Greg 現在"},{"type":"link","attrs":{"href":"https:\/\/lore.kernel.org\/lkml\/[email protected]\/","title":null,"type":null},"content":[{"type":"text","text":"表示"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]},{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":",將還原該團隊提交的所有補丁,並再次進行審查來確定其是否有效。在此之前,該團隊的補丁仍會被刪除,以確保代碼庫中沒有引入任何問題。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"這個補丁集有的可以“簡單”恢復,有68個需要手動檢查恢復,其中一些還不能被還原。在確定這些更改有效後,明尼蘇達大學研究團隊可以重新提交。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":"但最後,Greg還是表示,“即使你可以提供證據證明它們是有效的,但爲什麼事實上我們卻是在浪費時間做額外的工作?”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}},{"type":"strong"}],"text":"延伸閱讀:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}],"text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/fosspost.org\/researchers-secretly-tried-to-add-vulnerabilities-to-linux-kernel\/","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/fosspost.org\/researchers-secretly-tried-to-add-vulnerabilities-to-linux-kernel\/"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.theregister.com\/2021\/04\/21\/minnesota_linux_flaws\/","title":null,"type":null},"content":[{"type":"text","text":"https:\/\/www.theregister.com\/2021\/04\/21\/minnesota_linux_flaws\/"}],"marks":[{"type":"color","attrs":{"color":"#494949","name":"user"}}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章