lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 18 Jun 2007 09:22:21 +1000
From:	Bron Gondwana <brong@...tmail.fm>
To:	Chris Adams <cmadams@...aay.net>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Sun, Jun 17, 2007 at 04:58:40PM -0500, Chris Adams wrote:
> Once upon a time, Jesper Juhl <jesper.juhl@...il.com> said:
> >Let's say I'm the owner of a company selling some device that uses a
> >GPLv2 OS and some GPLv2 applications to do the job. Let's say that for
> >some reason I don't want the end users of my device to tinker with the
> >software inside my device.  Obviously I release the source for any
> >modifications I may have made, but I use the hardware to prevent users
> >from installing modified versions on the device (basically I TiVO'ize
> >the device).
> 
> BTW: Another reason a vendor might lock down the device is for security.
> For example, Juniper routers (which now run a significant portion of the
> "core" of the Internet) run FreeBSD on the routing engine.  They include
> several GNU software utilities (for example gawk, diff, and gdb).
> Starting with JUNOS 7.6 (IIRC), end-users can no longer build and run
> their own binaries on the routing engine.  This means that the GPLv2
> code cannot be modified in-place (similar to TiVo altough done using
> different means).
> 
> The reason is that if there ever is a security hole in the routing
> engine software (FreeBSD kernel, OpenSSH, etc.), it would be a really
> bad thing if crackers could load arbitrary software (rootkits, spam
> software, etc.) directly on Internet core routers.  If you think spam
> zombies on cable modems or DSL are bad, imagine them on 100 megabit
> links!

To be fair here, this could also be accomplished by having to flip a
physical switch on the router, especially if you did something funky
like:

[---] push this button for a 5 minute access pass to upload new
      software through physical cable port 1.

More complex, but not unreasonable.

Bron.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ