lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47A6E742.80408@otello.alma.unibo.it>
Date:	Mon, 04 Feb 2008 11:21:54 +0100
From:	Diego Zuccato <diego@...llo.alma.unibo.it>
To:	David Newall <davidn@...idnewall.com>
Cc:	Greg KH <greg@...ah.com>, Christer Weinigel <christer@...nigel.se>,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] USB: mark USB drivers as being GPL only

David Newall ha scritto:

> This does, of course,
> disadvantage Linux with respect to many classes of devices, for example
> GSM transceivers when used in those parts of the world^ where regulatory
> requirements prohibit modification of power or frequency settings, which
> effectively prohibits open-source driver.
Why "of course" ?
In the cited example it's illegal to go outside certain parameters 
SOMEWHERE (if it was illegal everywhere, the the hardware shouldn't 
allow it and the sw could do nothing... not considering hw mods).
Another example is WiFi: USA, Europe and Japan allows a different number 
of channels. But every AP I have had simply asks which country the user 
is in, then allows only a limited choice for the channel to use.
If I'm in Europe but tell my AP that I'm in Japan, it lets me choose 
channel 13 (Europe allows up to ch 11). If the "cops" find it out, they 
prosecute ME, not my AP! It's not a TECHNICAL limit, it's a LEGAL one.
So there's no point in keeping a driver closed *just* because else 
someone could hack it to make it work outside the allowed parameters: 
even a closed driver is hackable (just reverse engineer it...).

Think about this scenario: a closed source driver contains:
if(power<100)
	setpower(power);
else
	setpower(100);
to limit tx power and make it legal. Then the user finds this 100 and 
replaces it with 255 (inside the binary-only module), actually allowing 
for more than twice (if power is in mW) the legally permitted power.
Is it legal?
I don't think so (and I doubt you can find any lawyer that does). But 
it's not THE DRIVER that's doing something illegal. It's THE USER.
It would be equally illegal if the driver was open source. Simpler to 
do, but equally illegal.
Another example: how do you detect, from a driver, if the user actually 
got a license/permission from the government (somewhere it's needed, or 
you need to pay an annual fee) to use the device? You can't. Does this 
missing check make the device illegal? Nope. Just its USE.

I stop here cause it's already too OT.

BYtE,
  Diego.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ