| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Feb 2008 15:25:40 +0100 From: Diego Zuccato <diego@...llo.alma.unibo.it> To: David Newall <davidn@...idnewall.com> Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] USB: mark USB drivers as being GPL only David Newall ha scritto: > That's naive, since requirements differ in different jurisdictions, as > I'm sure you are perfectly aware. Naive? Who thinks a limit can be enforced by sw is naive! He's missing a little detail: Internet. :-) > Precisely: One purpose of the driver is to enforce local compliance. It can't *enforce* it anyway, at least if the users are all around the world. At most it can *suggest*. Then it's up to the user to make sure to meet the local laws. >> But linear amplifiers are commonly sold. And (at least in Italy) it's >> not illegal to buy one, even if it can boost antenna power to 1000W. >> It's illegal just to USE it. > In Australia it's illegal to own them (CB licensee; HAMs are allowed to > use them, although not on 27Mhz.) Then Australian shops can ask for the licence. And what about online shops? Ebay? They'll send you an unmarked package (same as letting you download another country's driver). The result is that you can have your LA more easyly than going to a local shop or tampering with your CB (or tampering whith the local version of the driver). >> And it's a logical problem, too: why should the *driver* enforce a >> *technical* limit? > That's part of it's purpose. It permits a manufacturer to make a global > device that operates within local restrictions. Nope. The driver should simply make the device WORK. The USER must make sure to meet the local regulations. The driver can help, but as long as it asks the user a country setting, its enforcement is nearly nothing! The simpler way for the user to trick it into using illegal settings is simply to lie! It's like if your LA had a switch on it, allowing you to select the country. Another example. Think about what happens if you're right: the user gets caught with a WiFi card operating on an illegal channel, but the system appears correctly configured (location-wise). When analyzed, it turns out that, due to a bug in the driver, the card uses that channel (for example 13) because the user only changed the country setting when flying back from Japan (where he used channel 13) and channel limiter didn't kick in. Is the manufacturer responsible? If you're right, he is and must pay, remove that device from shops and replace sold ones. Or at least make sure all users update their drivers with others without that bug... A real can of worms... BYtE, Diego. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists