Open Source and information security mailing list archives
 
Message-ID: <6a2ea1d8-1ea0-a283-2210-360e63f2fdaf@canonical.com>
Date:   Fri, 18 Jun 2021 11:20:41 +0200
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        David Laight <David.Laight@...lab.com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        Christoph Hellwig <hch@....de>, Jessica Yu <jeyu@...nel.org>
Subject: Re: [PATCH 5.4 031/184] modules: inherit TAINT_PROPRIETARY_MODULE

On 18/06/2021 11:19, Greg Kroah-Hartman wrote:
> On Fri, Jun 18, 2021 at 09:07:53AM +0000, David Laight wrote:
>> From: Krzysztof Kozlowski
>>> Sent: 18 June 2021 09:57
>>>
>>> On 10/05/2021 12:18, Greg Kroah-Hartman wrote:
>>>> From: Christoph Hellwig <hch@....de>
>>>>
>>>> commit 262e6ae7081df304fc625cf368d5c2cbba2bb991 upstream.
>>>>
>>>> If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
>>>> for all modules importing these symbols, and don't allow loading
>>>> symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
>>>> imported gplonly symbols.  Add a anti-circumvention devices so people
>>>> don't accidentally get themselves into trouble this way.
>>>>
>>>> Comment from Greg:
>>>>   "Ah, the proven-to-be-illegal "GPL Condom" defense :)"
>>>
>>> Patch got into stable, so my comments are quite late, but can someone
>>> explain to me - how this is a stable material? What specific, real bug that
>>> bothers people, is being fixed here? Or maybe it fixes serious issue
>>> reported by a user of distribution kernel? IOW, how does this match
>>> stable kernel rules at all?
>>>
>>> For sure it breaks some out-of-tree modules already present and used by
>>> customers of downstream stable kernels. Therefore I wonder what is the
>>> bug fixed here, so the breakage and annoyance of stable users is justified.
>>
>> It also doesn't stop non-gpl out-of-tree modules doing anything.
>> They just have to be reorganized with a 'base' GPL module that
>> includes wrappers for all the gplonly symbols and then all
>> the rest of the modules can be non-gpl.
> 
> Ah, the "gpl condom defense".  Love it that you somehow think that is
> acceptable (hint, it is not.)
> 
> That's what this patch series is supposed to be addressing and fixing,
> but someone has shown me a way around this.   I'll work on fixing that
> up in a future patch series next week.

Greg, for real, no one argues with the patch in the mainline. But what
is the justification for stable kernel backport? How does it match the
rules of stable kernels?

Best regards,
Krzysztof
