lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 23 Oct 2006 20:11:35 -0700
From:	Randy Dunlap <rdunlap@...otime.net>
To:	Giridhar Pemmasani <pgiri@...oo.com>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, linux-kernel@...r.kernel.org
Subject: Re: incorrect taint of ndiswrapper

On Mon, 23 Oct 2006 19:43:47 -0700 (PDT) Giridhar Pemmasani wrote:

> --- Alan Cox <alan@...rguk.ukuu.org.uk> wrote:
> 
> > Taint is used to identify situations where debug data may not be good,
> > that may be proprietary or other dubiously legal code, it may be forcing
> > SMP active on non SMP suitable systems, it may be overriding certain
> > options in a potentially hazardous fashion. Taint exists primarily to
> > help debugging data analysis.
> 
> I have read the history of the patch that marked ndiswrapper as "proprietary
> module", which is not correct (and that was the point of my original post).
> All the posts realted to this referred to issues with loading binary code
> into kernel (and since ndiswrapper does taint the kernel when a driver is
> loaded, this again is misplaced).

The kernel should not depend on a not-in-tree kernel module to
taint the kernel.  The kernel can and should do that itself.

(big) If ndiswrapper were ever added to the kernel tree, then that would
be a reasonable place to do/add the tainting.

> > EXPORT_SYMBOL_GPL() is used to assert that the symbol is absolutely
> > definitely not a public symbol. EXPORT_SYMBOL exports symbols which
> > might be but even then the GPL derivative work rules apply. When you
> > mark a driver GPL it is permitted to use _GPL symbols, but if it does so
> > it cannot then go and load other non GPL symbols and expect people not
> > to question its validity.
> 
> I was not fully aware of this issue until now (I have read posts related to
> this issue now). Does this mean that any module that loads binary code can't
> be GPL, even those that load firmware files? How is
> non-GPL-due-to-transitivity going to be checked? Why does module loader mark
> only couple of modules as non-GPL, when there are other drivers that load
> some sort of binary code? It is understandable to mark a module as non-GPL if
> it is lying about its license, but as far as that is concerned, ndiswrapper
> (alone) is GPL.

---
~Randy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ