Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for July 19, 2007Apple buys cups One of the more strongly discussed bits of news over the last week is the announcement that Apple has bought CUPS (the Common Unix Printing system) and hired Michael Sweet, the project's primary developer. Indeed, this deal happened back in February; it just took a little while for the people involved to get around to telling the rest of the world about it. There is a great deal of concern over what this deal might mean, though most of it is probably unnecessary. Still, there are some lessons to be learned here.CUPS is an important part of our core infrastructure. Those of us who can think back to the days of trying to create lpr input and output filters to make a specific printer work can only be thankful that CUPS came along. It could easily be said that lpr lasted at least ten years longer than it should have, but, over that time, there were no real attempts to create a viable alternative. Projects like LPRng were mostly trying to create a slightly better version of the same thing. Then, there was the print system which Sun inflicted on users of early Solaris releases (who, as your editor can attest, were already suffering enough as it was); replacing that system with some version of lpr was a common thing to do. It took CUPS to implement contemporary printing protocols, support current hardware, and generally make the life of printer administrators easier - though, as any administrator who has lost a day to an obscure printer problem will say, things could get a lot better yet. CUPS has always been a corporate-owned free software project, meaning that it carries all of the potential problems that any other such project has. When a single company owns a project it can strongly control its development direction, take the code private, grant license exemptions at will, abruptly sell the code to somebody else, and so on. Many companies which own projects do many of these things. Dealing with corporations has its risks; it has often been said that the corporate personality is best compared to that of a schizophrenic adolescent. Even so, such relationships have worked out well for the free software community with very few exceptions. In this case, the ownership of CUPS has been passed from Easy Software Products (ESP) to Apple. Since contributors to CUPS are required to assign the copyrights to their work, ESP was entirely within its rights to make this sale. There are few constraints on what Apple can do with this externally-contributed code in the future; if it chooses, the company could certainly treat the code in ways that the original authors would not like. This risk is inherent in the transfer of copyrights; any free software developer who is contemplating signing a copyright transfer agreement should always think hard about who the receiving party is and what they could do in the future. The usual rule for dealing with companies - assume the person you negotiated the deal with will be immediately replaced by somebody who hates you - applies in this sort of situation. The worst thing that Apple can do, in any case, is to take future releases of CUPS private. The current, GPL-licensed releases will remain available and free. Should this happen, the community will have to pick up from the last free version and create a fork; it certainly would not be the first time such an action proved to be necessary. For now, though, the announcement of the sale says "CUPS will still be released under the existing GPL2/LGPL2 licensing terms, and I [Mr. Sweet] will continue to develop and support CUPS at Apple." Given that certain aspects of CUPS development - supporting hundreds of printers, for example - are best done in the community setting, it is not hard to believe that this state of affairs could continue indefinitely. Apple just might create enhanced versions of CUPS for its own operating system or as a commercial product. The company has already published a GPL exception policy allowing proprietary derived products to be made from CUPS - as long as they are distributed exclusively for Apple's operating systems. So Apple's version of CUPS might have shinier widgets or a few more printer drivers. Not the best of situations, but it is not all that different from the rights Sun gives itself with the OpenOffice.org code base. OpenOffice.org lacks features, fonts, and clip art found in StarOffice, but few OpenOffice.org users have complained that they felt cheated. Companies like MySQL make a nice living selling GPL exceptions to GPL-licensed code, including code contributed by outsiders. The real threat, perhaps, is that Mr. Sweet will find himself carrying a lot of Apple-specific responsibilities (his statement in the sale announcement carefully did not say how much he would continue working on CUPS) and that the rate of outside contributions might slow as developers worry about what Apple might do. That could significantly slow the rate at which CUPS moves forward, to the community's cost. One other potential problem is the CUPS trademark policy which has been announced by Apple. It requires permission to use the CUPS name with any derived product; a distributor who applies any patches at all, even security fixes, would be affected by this policy. The good news here is that, if this policy becomes a problem, the name of the print system could be changed to "mugs" or some such and few users would even notice. On the other hand, what this deal might do is bring more resources to the development of CUPS and contributions from a company which, for all its faults, is known to pay a great deal of attention to the end user's experience. Development could speed up and head in directions which make CUPS easier to use than it is now. That would be an outcome which would be hard to complain about.
A Tokyo trip report The free software community is truly global in scope - we are all over the world. A casual visitor might be forgiven for thinking otherwise, though: the people found on our mailing lists and in our code repositories are, to a great extent, based in Europe or North America. There is no shortage of talented developers elsewhere, but they are hard to see; they do not participate in our community at anywhere near the same level. We are clearly weaker as a result.
One attempt to improve this situation can be found in the Linux Foundation
Japan Symposium, held a few times each year in Tokyo. This event was
started by OSDL, and is being continued by the Linux Foundation. The idea
First, though, was an encounter with the Yokohama Linux Users Group, which had invited your editor to come talk seeing as he was in the neighborhood anyway. YLUG meetings, as it turns out, look much like LUG meetings just about anywhere: a couple dozen or so technical guys show up to hear somebody talk about free software. The beer and dinner (and more beer) gathering afterward was special, though; if more user groups included that sort of event, attendance at meetings would doubtless go up. The symposium itself began with presentations from your editor and Paul Menage, author of the process containers patch. One of the important features of this event is that it includes simultaneous translators; said translators were somewhat dismayed by your editor's habit of changing his talks (and slides) right up to the point where the laptop gets plugged in at the podium. Their presence is important, though: it allows attendees to follow the talks without having to struggle with a foreign language; they can also ask questions in Japanese and still have the presenters understand them. As it happens, language issues, while not on the formal agenda, were a big issue at this event. It is easy fall into the trap of believing that anybody who is sufficiently well educated to be part of our development community will, naturally, have learned the English language along the way. The truth of the matter is that there are many languages one could invest time in learning, English is a hard language (especially for those whose native language is far removed from English), and that many people who might have studied English for years have never really had a chance to use it enough to become truly proficient. English really is an obstacle for many potential contributors to our community. It slows down many developers, makes others afraid to participate in public forums, and blocks some entirely. One step which is being taken to improve this situation is the translation of a number of core kernel development documents into Japanese. The documents of interest are primarily process-oriented - those which tell prospective developers how the community works and how to get patches accepted. Translation of serious technical documentation would require quite a bit more work and would be hard to keep up to date, so that is less likely to happen. Japanese versions of the documentation seem unlikely to go into the kernel repository itself, so they will have to be hosted elsewhere; they should, in any case, provide a useful resource for Japanese developers hoping to begin with the kernel. The translators got to work in the opposite direction for a while as Akinobu Mita discussed his work on the fault injection framework. At any event designed to increase community involvement it is important to highlight the efforts of local people who have been successful; Mita-san's work, which makes it possible to find problems in difficult-to-test error recovery paths, is an important contribution to the kernel development toolkit. He has, recently, been posting fixes to a long series of bugs found through the use of fault injection, making the kernel more stable for everybody.
The second day consisted of smaller sessions where developers from Linux Foundation member companies could talk about their work and get questions answered. Fault injection was on the agenda again, as were various virtualization topics and the translation issue. Closing statements were made, and the event shut down until next time - scheduled for November. The key to building a community and keeping it together is good communication. By bringing in community developers, the Japan Symposium certainly succeeds in raising the level of communication with the Japanese community. There is no better way to learn about how a community works than to talk with those who are in the middle of it. This series of events might just be part of why contributions from Japan appear to be on the rise. A less obvious but equally important point is this: communication goes both ways. Any speaker who attends this event can only go away smarter, having learned something about how the wider world sees free software. That, too, can only be a good thing.
IBM pledges patent peace for interoperability IBM's recent patent pledge significantly lowers the bar for using their patents to implement software standards. Rather than specifying particular patents, IBM chose more than 150 different standards for interoperability, pledging not to assert any of their patents that are required to implement the standards. Along with the carrot of that pledge, there is also an implied stick for companies that might consider litigating over their own patents that are required to produce the standard. Software patents are generally problematic, but those which encumber technology standards can be especially so. When companies come together to form standards bodies, they have often agreed that implementations of the standard would be able to license any patents required, under so-called reasonable and non-discriminatory (RAND) terms. "Reasonable" is in the eye of the beholder, of course, and RAND terms have been used to lock out smaller companies from implementing patented standards along the way. Free and open source implementations are usually locked out, because "reasonable" terms almost always include royalties. Thus, RAND terms are usually discriminatory against free software. This has led some organizations, notably the World Wide Web Consortium (w3c), to move to an agreement that patents required to implement their standards be licensed on a royalty-free basis. This simplifies things, but requires some amount of bureaucracy as standards participants need to list relevant patents and create documents that state the nature of the royalty-free license. IBM's move circumvents all of that, by pledging not to assert patent claims against any implementation of the listed standards. The pledge not only covers free implementations, but competitive, commercial, closed source versions as well. The patents themselves do not need to be researched or listed as the pledge covers any that IBM has. It should be noted that this only applies to implementing the standards listed; IBM is not giving carte blanche to use their patented technology. The only caveat is that IBM will revoke the pledge for any implementor who asserts patent claims on a covered implementation - against IBM or any other party. For any of the standards listed, IBM is thus creating a "patent shield" for anyone who plays fairly, with the implication that unfair play - in the form of patent attacks - may be met with similar attacks from the rather extensive IBM patent portfolio. Because it is a pledge - not a license or agreement - projects or organizations that want to be covered by it need do nothing. There is no paperwork to file or license text to comply with. They will need to refrain from engaging their patent lawyers to attack others implementing the standards; this should be a constraint that most free software projects can live with. It is rather refreshing to see a company make a pledge that could plausibly reduce the amount of billable lawyer time required by technology companies. Patent lawyers may not agree, of course. The list of standards that are covered by the pledge is an impressive array of technologies, mostly web standards along with OASIS document format standards. The FAQ accompanying the pledge states that IBM will be evaluating additional standards for inclusion in the list. They clearly believe widely implemented standards are good for their customers:
IBM is making this Pledge to encourage broad adoption of open
specifications for software interoperability. Broad implementation of these
specifications can dramatically improve our customers' ability to
communicate data within and between their enterprises.
There is clearly a public relations aspect to this pledge, but one gets the sense that IBM truly does want to simplify the software patent landscape. They have, perhaps, the largest patent portfolio in the world, but they can also see the mess that software patents, especially patent trolls, are causing. If other companies make similar pledges, definite progress will have been made, at least for interoperability. Since it appears that software patents will be with us for a long time to come, at least in the US, any step forward should be cause for at least a bit of celebration.
Page editor: Jonathan Corbet Security SE-PostgreSQL uses SELinux for database security Security Enhanced Linux (SELinux) adds layers of security on top of the traditional discretionary access control (DAC) offered by UNIX-like systems to provide more fine-grained control over the operating system objects and data. The Security Enhanced PostgreSQL (SE-PostgreSQL) project seeks to provide the same kinds of fine-grained access controls to the PostgreSQL database engine, integrating those policies with SELinux. SE-PostgreSQL has just released its 1.0 beta and is encouraging users to report any bugs before the final 1.0 release. Traditionally, database systems use a permissions model that is similar to, but separate from, the underlying operating system permissions. Users are created within the database and granted access to various database capabilities, some of which they can pass on to others (which is a feature of DAC). In addition, database management systems (DBMS) have a privileged user that bypasses all of the permissions checks. For a system running SELinux, this situation is less than desirable, as most, if not all, of the carefully crafted policies, for restricting data access, are ignored by the DBMS. SE-PostgreSQL works with SELinux to apply its policies on top of the DBMS permissions, allowing the administrator the fine-grained access control, afforded by SELinux, within PostgreSQL. SELinux relies upon "security contexts", which are attached to each object in the operating system: files, directories, sockets, processes, users, etc. These contexts are permanently attached to the various objects and the SELinux policies then dictate how the contexts interact and what kind of operations are allowed to be performed. More information about SELinux and its enforcement mechanisms can be found on the project's webpage as well as in this introductory LWN article. In a standard PostgreSQL installation, a Linux user can present the credentials (username and password) of any database user and perform the database operations allowed for that user. Using SE-PostgreSQL, SELinux security contexts are associated with each table, row and column of the database. The SELinux policy arbitrator in the kernel is consulted for each database operation and they are either allowed or denied based on the combination of the user context and the database object context. The PostgreSQL user must still have the ability to perform the requested action as the PostgreSQL permissions are checked before the SELinux policies are even consulted. This two-tiered permissions system is probably unnecessary, so SE-PostgreSQL could completely replace the database permissions in secure installations. Because security contexts are attached to objects in the operating system, SE-PostgreSQL can alleviate a common problem with data migrating from the filesystem into the database. If filesystem data that requires an elevated level of security is inserted into a database table, that row will inherit the security context of the data. This will prevent users or processes with lower access capabilities from accessing it. Also, depending on the security context of the user querying the database, certain columns or rows may not be available and SE-PostgreSQL intercepts the queries and results, filtering them appropriately. Users will be able to see the query results they are allowed to access and no others. Another related project is PostgreSQL Access Control Extension (PGACE), which provides an interface for PostgreSQL to use the facilities of a secure operating system. This allows SE-PostgreSQL to use the SELinux facilities, but will also allow PostgreSQL to use the Trusted Solaris or other security-oriented operating system facilities. It is meant to provide a common framework of hooks that PostgreSQL can call to determine whether to permit or deny access. It is similar in spirit to the Linux Security Modules (LSM) interface which allows different security implementations to be used by the kernel. The development of SE-PostgreSQL was supported by the Exploratory Software Project of Japan's Information-Technology Promotion Agency. This project is aimed at funding young developers with new ideas and SE-PostgreSQL would certainly qualify. For security conscious companies using SELinux and PostgreSQL, a look at this project should be high on the list.
Security news Samsung printer drivers open up the system A LinuxFR reader has sent out an alert (in French) about the Samsung SCX-4200 printer driver for Linux. It appears that the driver author had some trouble with the Linux permission model; the response was to make a few applications run setuid root. A quick look at the install script shows that the affected programs are xsane, xscanimage, and the major OpenOffice.org components. The script also replaces some CUPS executables and does some other fun things. This seems like code to avoid for anybody wanting to run a remotely secure system.
HP joins the RHEL5 security certification party HP announced yesterday that it has been awarded Evaluation Assurance Level 4 (EAL4+) security certification for Red Hat Enterprise Linux 5 (RHEL5) running on various server and workstation platforms. HP/RHEL5 is certified with the same set of protection profiles used by in the earlier IBM/RHEL5 certification. "HP has been awarded EAL4+, the highest level of assurance for an unmodified, commercial operating system, for Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile, and Role-Based Access Control Protection Profile for Red Hat Enterprise Linux 5 on HP Integrity, ProLiant and BladeSystem platforms as well as select workstations and desktops."
New vulnerabilities curl: insufficient verification methods
firefox, thunderbird, seamonkey: multiple vulnerabilities
flac123: arbitrary code execution
flash-plugin: input validation flaw
LedgerSMB: authentication bypass
mysql: multiple vulnerabilities
tomcat: cross-site scripting
xnview: buffer overflow
X.org: temp file vulnerability
Updated vulnerabilities apache2: information disclosure
apache: multiple vulnerabilities
apache: cross-site scripting
Asterisk: two SIP denial of service vulnerabilities
avahi: denial of service
bugzilla: multiple vulnerabilities
clamav: denial of service
cups: denial of service
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
dar: weak cryptography
dovecot: directory traversal
emacs21: denial of service
evolution: format string error
evolution-data-server: malicious server arbitrary code execution
pop mail man-in-the-middle attacks
fail2ban: log injection vulnerability
fail2ban: denial of service
file: integer overflow
firebird: buffer overflow
firefox: multiple vulnerabilities
freetype: arbitrary code execution
freetype: integer overflows
gcc: file overwrite vulnerability
gd: buffer overflow
gd: denial of service
gfax: insecure temporary files
gimp: multiple vulnerabilities
HelixPlayer: arbitrary code execution
horde-kronolith: local file inclusion
ImageMagick: integer overflows
imlib2: arbitrary code execution
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Symposium
sign]](/images/conf/lfjs2007/sign.jpg)
is to bring a few community developers over for a couple of days and have
them talk with Japanese developers about what the community is up to and
how they can be a part of it. Your editor was lucky enough to be invited
to the July meeting where, between encounters with sushi, sake, and
Japanese beer, he was able to get some interesting work done.
![[your editor]](/images/conf/lfjs2007/jc-sm.jpg)