lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200706150614.33558.dhazelton@enter.net>
Date:	Fri, 15 Jun 2007 06:14:33 -0400
From:	Daniel Hazelton <dhazelton@...er.net>
To:	Bernd Paysan <bernd.paysan@....de>
Cc:	david@...g.hm, Alexandre Oliva <aoliva@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Kevin Fox <Kevin.Fox@....gov>,
	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
	Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Friday 15 June 2007 05:30:09 Bernd Paysan wrote:
> On Friday 15 June 2007 01:46, david@...g.hm wrote:
> > if you cannot modify the software that runs on your Tivo hardware you
> > haven't tried very hard.
>
> Yes, but the GPLv2 clearly says that you don't have to try very hard. The
> preferred form of modification has to be distributed. I can run a
> decompiler or disassembler on a program, and I can even modify it in place
> with a hex editor (I have even modified programs in embedded ROMs by using
> focussed ion beam, so I know you can modify every program if you try hard
> enough). It's certainly possible to crack Tivo's firmware to accept my own
> signature, but it's *not* the preferred form of modification, the source
> code and Tivo's key for the signature.

How is a signing key part of the "preferred form for modification"? It isn't a 
requirement to *modify* anything, just to *replace* something. (And I am 
*NOT* going to explain why "replace != modify" again)

> Since Tivo's firmware only accepts a signed kernel, the combination of
> kernel+signature is the binary they ship. The kernel itself is useless, the
> signature as well. Therefore, you can imply that Tivo's key is part of
> the "other stuff" the GPLv2 mentions, because you need it to recreate the
> same code as Tivo did and shipped (compilers insert timestamps and such),
> and to modify that code. The source code is just a mean, the thing they
> shipped is the end (the binary), and they have to comply with the GPL for
> that binary - which by all means of practical understanding includes the
> signature.

I can find no such requirement in the GPLv2. In fact, it actually says that 
you don't even have to be able to *USE* the program. See section 12 of the 
GPL if you don't believe me.

> "You can imply" means: It depends on court and legal system. I'm quite
> confident that in Germany, the legal system might favor the "GPLv2 does not
> allow tivoization" point of view, and in the USA, the legal sysem might do
> the opposite.

In light of the d-link case, I'm pretty certain that the German Courts 
interpretation of the GPLv2 makes "Tivoization" a violation. In the US I can 
say that the result would be "GPLv2 does not disallow tivoization". As I've 
pointed out in other posts, the GPLv2 actually *limits* itself to three 
specific "activities". Whether it was intended to "incidentally" cover other 
things or not, it does *clearly* state what it's scope is. If that scope *IS* 
*NOT* the intent of the person and/or person who authored the license, that 
text *SHOULD* *NOT* exist.

DRH

-- 
Dialup is like pissing through a pipette. Slow and excruciatingly painful.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ