lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.61.0611011204140.23977@yvahk01.tjqt.qr>
Date:	Wed, 1 Nov 2006 12:21:48 +0100 (MET)
From:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
To:	Alexey Dobriyan <adobriyan@...il.com>
cc:	Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Blacklist hsfmodem module


>It seems, hcfpcimodem-1.10full.tar.gz from
>http://www.linuxant.com/drivers/hcf/full/downloads.php
>also uses GPL\0 trick.
>
>Patch is obviously not tested (and I'm not sure name is right, got it from
>Ubuntu forums and tarball filename),
>
>Does someone know internal contact so we can weed out all names and
>blacklist them in bulk?


Could not we introduce some compile-time magic that makes sure no extra 
NULs are present? Like...

Consider
  MODULE_LICENSE("GPL\0foobar");
generating an extra symbol
  static const __rodata int __module_license_length = sizeof("GPL\0foobar");

And in the module loader, check:
  if(strcmp(__module_license, "GPL") == 0 &&
  __module_license_length == sizeof("GPL"))
  {
        allow;
  }

That should weed out all those pesky GPL-override attempts, without needing to
blacklist every single module. After all, HSF (or whoever else is blacklisted)
could just change their module's name from hsfmodem.ko to hsf_modem.ko, for
example.

linux/license.h could look like this:

<<<
#ifndef __LICENSE_H
#define __LICENSE_H

#define strcmpexact(given, required, length) \
	(strcmp((given), (required)) == 0 && (length) == sizeof(required))

static inline int license_is_gpl_compatible(const char *license, int len)
{
	return strcmpexact(license, "GPL", len) ||
	       strcmpexact(license, "GPL v2", len) ||
	       strcmpexact(license, "GPL and additional rights", len) ||
	       strcmpexact(license, "Dual BSD/GPL", len) ||
	       strcmpexact(license, "Dual MIT/GPL", len) ||
	       strcmpexact(license, "Dual MPL/GPL", len);
}

#undef strcmpexact

#endif
>>>


	-`J'
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ