Conversation

Replying to

Not to defend the research, but I've been hearing for years that it would be difficult to introduce bugdoors into the Kernel.

Replying to

and

It would be difficult for an unknown individual or unknown/untrusted organisation. It's less difficult for a respected university willing to sacrifice its reputation.

Replying to

and

See, that's exactly my point, people say that. It would not be difficult at all, the research showed that. Greg's response also shows that.

Replying to

and

Pretty sure you didn't read what I said.

Replying to

and

You're saying that there was implicit trust in the University before, but a random user wouldn't have that, and so their patches would receive more scrutiny?

Replying to

and

Yes

Replying to

and

OK so I did understand correctly. So to reiterate, I believe that anyone could submit a patch to the Linux kernel introducing an intentional vulnerability, and I believe that the research as well as Greg's response support this.

Replying to

and

I don't believe that there was a strong implicit trust attached to the edu email, and Greg as much states that patches don't review that kind of scrutiny. It's no one's fault really, it's not practical to expect them to catch bugdoors.

Replying to

and

Your beliefs are incorrect, then.

Replying to

and

The patches for the study were not submitted from university email addresses. Even if that was the case, which it wasn't, anyone attending the university gets those email addresses as do alumni in many cases.

Replying to

People regularly sell access to those emails due to exclusive products, etc. for US university students. You can go to eBay right now and pay for access. It costs a few dollars. Not relevant to this but that would be a pretty weak argument if it was how they were submitted.

10:14 PM · Apr 22, 2021Twitter Web App