lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 22 Jun 2012 12:43:13 -0700
From:	Greg KH <gregkh@...uxfoundation.org>
To:	Alex Lyashkov <umka@...udlinux.com>
Cc:	Matthew Garrett <mjg59@...f.ucam.org>,
	linux-kernel@...r.kernel.org, rusty@...tcorp.com.au
Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 12:22:22PM -0700, Greg KH wrote:
> On Fri, Jun 22, 2012 at 07:51:42PM +0100, Matthew Garrett wrote:
> > On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:
> > 
> > > Do you have a pointer to this code anywhere?  Lying about the license to
> > > the kernel is a pretty blatent thing to do and I'd like to have some
> > > people follow up on that issue.
> > 
> > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm 
> > - there's no corresponding SRPM in 
> > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and 
> > upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is 
> > listed as module author in the metadata.
> 
> Hm, and at least one reason it needs to be GPL is due to it using
> symbols I created, no fun.
> 
> Alex, can you please provide the source code for this module?  Or is the
> license that the code is saying it is, somehow incorrect?  If so, can
> you please fix it?  If you can't do this, is there someone else I should
> be contacting?

Also, I almost hate to ask this, but why in the world are you creating
sysfs binary files?  I really don't think you should be doing this, as
those are only for firmware and other "pass-through" things the kernel
uses to have userspace talk directly to hardware.

Odds are you can remove these files, and use the "correct" user/kernel
interface which will result in much better speed and handle things
properly for you, instead of abusing this interface.

Unless you really are talking directly to hardware, in which case, I'm
kind of interested to see what you are doing here, so the source code
would be greatly appreciated.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ