lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 20 Jun 2007 12:40:20 -0700 (PDT)
From:	david@...g.hm
To:	Michael Poole <mdpoole@...ilus.org>
cc:	"H. Peter Anvin" <hpa@...or.com>,
	Tomas Neme <lacrymology@...il.com>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Wed, 20 Jun 2007, Michael Poole wrote:

> david@...g.hm writes:
>
>> this is very much NOT true. if you take the source the provide you can
>> compile a kernel that will run on the tivo, the only thing you have to
>> do (on some models) is to change the bios to skip the step that checks
>> if the kernel has been tampered with.
>
> If we are opining whether Tivo provided complete source code for their
> Linux kernel images, the requirement to change non-GPLed software as a
> condition to exercise GPL-protected rights speaks for itself.

no, the GPL protected rights don't say anything about the hardware the 
system runs on.

you are saying that the GPL now controls what the BIOS software is allowed 
to do or not allowed to do.

that's a seperate body of code that is in no way derived from the linux 
kernel (even the anti-tampering functions would work equally well with 
other Operating systems and are in no way linux specific). it's no even 
loaded on the same media (the BIOS is in flash/rom on the botherboard, the 
OS is on the hard drive)

and note that the software that is checked to make sure that it hasn't 
been changed includes much more then the kernel. it checks the kernel and 
the initrd.

> Out of curiosity, what do you have to do on models besides those?  Are
> newer models more or less restrictive in what they run?  If newer
> models are more restrictive, I think that also speaks to whether Tivo
> thinks it is conveying complete source code.

newer models do tend to be more restrictive, but they also tend to connect 
to more propriatary networks (satellite or cable)

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ