LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Wireless regulatory compliance

Wireless regulatory compliance

Posted Jun 7, 2007 14:59 UTC (Thu) by a9db0 (subscriber, #2181)
In reply to: Wireless regulatory compliance by ekj
Parent article: Wireless regulatory compliance

>> The user is responsible for not using tools in illegal ways. Not the tool. <<

Absolutely.

And there is a fairly compelling argument to be made that incorporating such a mechanism into the kernel indicates a willingness of the kernel maintainers to accept responsibility for such use, and possibly misuse.

I can see some lawyer making the argument that since the mechanism exists that his client isn't responsible for any misuse - such responsibility lies with the developer. And woe to the developer who finds himself in hot water with the regulatory agencies of some locality because some user misused code he wrote.

(Log in to post comments)

Wireless regulatory compliance

Posted Jun 7, 2007 23:17 UTC (Thu) by socket (guest, #43) [Link]

I think your argument conflates two issues: mechanisms/processes, and data. The kernel could provide a mechanism for userspace to tell it about valid frequencies/power levels the system can transmit on, and a means for enforcing those specifications.

In the boot-up process, something can tell the kernel about those specifications. The kernel really has to take userspace's word for it that the specifications loaded actually match the legal regulations for the user.

You're trying to say that the developer of a mechanism is responsible for every individual's use of that mechanism. If I tell the kernel that I have the right to transmit within the less restrictive rules granted by an amateur radio license (when in fact I don't have said license), what logic allows you to blame the kernel developer?

And if that logic is accepted, consider this: if someone gains root access on a system through a local privilege escalation issue, why shouldn't the kernel developers be held responsible for it on the basis that the implementation of privilege separation by user id is implemented in the kernel? Even if the cause of the problem was clearly based on the wrong user owning the file in question?

If the kernel developers have to accept responsibility for the legitimacy of the *data* that informs the rules of a more generic system, like file permissions or acceptable frequencies to transmit on, then how could anybody *other* than the kernel developers be responsible for *any* system (or spectrum usage) integrity issue? Clearly, this is nuts.

In the abstract, the process of deciding whether access is allowed needs to be provided information somehow (whether by a user or designer) about how to make that decision. The FCC seems to believe it should always be the designer, we mostly feel this causes more problems than it solves.

Blaming the access restriction mechanism for the validity of the data it's given to make its decisions presumes omnipotence on the part of the creators of that access restriction mechanism. Designers *can't* predict every use, and shouldn't be expected to. Kernel developers can't rightfully take the blame for my failures to choose the right permissions for my files, so neither should they take the blame for users specifying incorrect spectrum use rules.

And if the FCC can't understand this, they need some clue.

Wireless regulatory compliance

Posted Jun 8, 2007 1:48 UTC (Fri) by bronson (subscriber, #4806) [Link]

I suspect the GP was talking about bugs... If a developer accidentally writes code that allows illegal use, then is the developer negligent? Can the developer prove that exhaustive testing was performed? Are unit tests admissible in a court of law? :)

Wireless regulatory compliance

Posted Jun 8, 2007 15:52 UTC (Fri) by tzafrir (subscriber, #11501) [Link]

And proprietary code has no bugs?

Wireless regulatory compliance

Posted Jun 8, 2007 18:43 UTC (Fri) by jzbiciak (✭ supporter ✭, #5246) [Link]

Code that has gone through certification testing and is thereafter largely immutable may not be bug free, but it's certainly close enough. The problem is that free and open software is explicitly mutable.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds