lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070615154200.GA17172@elte.hu>
Date:	Fri, 15 Jun 2007 17:42:00 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Michael Poole <mdpoole@...ilus.org>
Cc:	Daniel Hazelton <dhazelton@...er.net>,
	Alexandre Oliva <aoliva@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
	Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>,
	"david@...g.hm" <david@...g.hm>,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3


* Michael Poole <mdpoole@...ilus.org> wrote:

> > I.e. you cannot just cleverly define "source code" to include 
> > something unrelated and then pretend that it's all in one work. And 
> > that's exactly what the GPLv3 does: it creatively defines the 
> > hardware's key into the 'source code' of the software and then asks 
> > for that to be provided _not_ because somehow the key derives from 
> > the software (it clearly does not), but as a "compensation" for the 
> > right to redistribute! I.e. it's trying to extend its scope to some 
> > item that is not part of the software. See?
> 
> No.  The GPL does not care about the hardware's key, as I pointed out 
> in the part of my email that you cut out.  The GPL cares about the key 
> used to generate an integral part of the executable form of the GPLed 
> work.  The executable does not function properly if it lacks that 
> part. [...]

it is a false statement on your part that the executable "does not 
function properly" if it lacks that part. Try it: take out the harddisk 
from the Tivo (it's a bog standard IDE harddisk), put into a nice Linux 
PC, mount it, modify a bit in the kernel image header and it will likely 
still boot just fine on that PC.

now if you put the harddisk back into the Tivo, the Tivo's bootloader 
will refuse to run that modified kernel. So will it (and any Linux 
bootloader) refuse to load the kernel if you corrupt the compressed 
format and the gunzip function finds a CRC error. You cannot run 
arbitrary binaries on hardware without knowing the properties of that 
hardware. One such property of the hardware might be: "i only run 
applications that use at most 500 MB of RAM" - because ... the hardware 
might only have 512 MB of RAM. Another property of the hardware might 
be: "i will only trust and run applications that match a given 
signature". Dont buy that hardware if you dont like its inherent 
limitations!

The modification the GPL talks about is about modification of the SOURCE 
CODE. But if you have a new binary, you have no expectation of being 
able to run that on a piece of hardware. It might or might not run. (for 
example if you modified the software to include a 1 GB static array then 
the software might not work on a system that has only 512 MB of RAM.)

go download the Tivo Linux kernel from:

  http://dynamic.tivo.com/linux/811/linux-2.4.tar.gz

modify and build it. Boot it on your general purpose PC. It will quite 
likely work just fine!

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ