lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 30 Aug 2013 16:35:18 +0200
From:	Richard Weinberger <richard@....at>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	torvalds@...ux-foundation.org
Subject: Acceptance of proprietary kernel modules

Hi,

over the last  months I've reviewed lot's of Linux based products, mostly networking related
devices like firewalls, WiFi access points, DSL routers, IPMI, etc...
The vast majority of them had proprietary kernel modules loaded.
I'm not talking about single self contained device drivers. In the wild you'll find whole kernel
subsystems such as complete firewalling stacks, deep packet inspection, IPsec implementations, anti virus scanners, network introduction detection systems (yes, in kernel!),
protocol implementations like MPLS, in-kernel VNC servers, and so on as proprietary kernel modules.

Of course, all of them use EXPORT_SYMBOL() symbols only, but nobody can tell me that
these modules are self contained and not a derived work of the kernel.
One vendor even applied a patch on the kernel which did a s/EXPORT_SYMBOL_GPL/ EXPORT_SYMBOL/g on a few files, but that's a different story.
Reading the disassembly of said modules showed that most of them are clearly designed to run only on Linux. (e.g. every single function references a random Linux kernel symbol).
It's not like NVIDIA's GPU driver which clearly is designed to work on many operating systems and Linux is one of that.
I have the feeling that such doubtful modules are no longer isolated cases, they are the common case.

This leads me to one question.
Have we reached a state where proprietary kernel modules are just accepted and nobody cares?

Thanks,
//richard

P.s: My goal is not to start a GPL-violator witch-hunt.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ