lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20061023064114.49794.qmail@web32403.mail.mud.yahoo.com>
Date:	Sun, 22 Oct 2006 23:41:14 -0700 (PDT)
From:	Giridhar Pemmasani <pgiri@...oo.com>
To:	Chase Venters <chase.venters@...entec.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: incorrect taint of ndiswrapper

--- Chase Venters <chase.venters@...entec.com> wrote:

> On Monday 23 October 2006 00:40, Giridhar Pemmasani wrote:
> > It seems that the kernel module loader taints ndiswrapper module as
> > proprietary, but it is not - it is fully GPL: see
> > http://directory.fsf.org/sysadmin/hookup/ndiswrapper.html
> 
> Indeed. 'ndiswrapper' is intentionally tainted by kernel/module.c because
> it 
> is used to load and run unknown binary / proprietary code in kernel-space.
> If 
> this unknown binary / proprietary code were to contain a bug (which all
> code 
> of that complexity tends to), it might write to memory it doesn't own, or 
> coerce a device to do so on its behalf, making a kernel crash dump analysis
> 
> into a wild goose chase (hence the reason for kernel taint).

Yes, I agree on the purpose of tainting the kernel.

> > Note that when a driver is loaded, ndiswrapper does taint the kernel (to
> be
> > more accurate, it should check if the driver being loaded is GPL or not,
> > but that is not done).
> 
> Are you saying ndiswrapper voluntarily calls add_taint() whenever it loads
> an 
> NDIS driver?

Exactly - the loader within ndiswrapper taints kernel versions 2.6.10 and
newer (older kernels don't have a way of tainting the kernel). The code is in
loader.c in ndiswrapper.

> Are there even any examples of GPL-licensed NDIS drivers?

I don't remember off hand, but sometime back there was discussion on related
topic of weather ndiswrapper should be in debian-main or not, and someone
pointed out a GPL ndis driver. (BTW, after much discussion on debian devel
list, the developers agreed that ndiswrapper belongs in debian-main.)

Giri

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ