Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for October 16, 2003LinkSys and binary modules In response to pressure from the Free Software Foundation and the community, LinkSys has made a new tarball available containing the source for the firmware running in its WRT56G wireless router. This new source distribution (available here; get the 1.41.2 version) contains a good deal of new code, including the modifications to the kernel to support the Broadcom 4702 processor. Many of those who have been pursuing this particular GPL violation case are now satisfied.The celebration is not universal, however; the new kernel source still lacks the driver for the wireless interface. Unlike the other kernel modifications found in the WRT54G router, the wireless interface is packaged as a separate, binary module. In the eyes of many, that packaging is sufficient to ensure that the driver is not a derived product of the kernel, and, thus, it need not be licensed under the GPL. But not everybody agrees. The status of binary modules remains the subject of a great deal of confusion; it deserves (yet another) look. There is a widespread impression that Linus Torvalds has issued a blanket exemption to the GPL for closed-source modules. There are only two problems with this idea: (1) it is not entirely true, and (2) the relevance of Linus's opinion is limited. On the first point, consider this pronouncement from Linus, issued almost exactly one year ago:
There is NOTHING in the kernel license that allows modules to be
non-GPL'd. The _only_ thing that allows for non-GPL modules is
copyright law, and in particular the "derived work" issue. A vendor
who distributes non-GPL modules is _not_ protected by the module
interface per se, and should feel very confident that they can show
in a court of law that the code is not derived.
On the second point, it suffices to remember that Linus is far from the only kernel copyright holder. He made a crucial decision years ago to not require copyright assignments from contributors, and, thus, to allow each contributor to retain copyrights on his or her code. As Linus's role has shifted from coding to rejecting contributions from others, the portion of the kernel code base carrying his copyright has shrunk. Linus can speak for himself, but not for the other kernel copyright holders. And some of the others are getting increasingly grumpy about closed-source modules. The crucial question here is whether a court would find that a kernel module is a derived product of the kernel itself or not. There is a difference of opinion on that score, to say the least. Eight years ago, Linus suggested that kernel modules, by virtue of the module API which only allowed modules to link to "logically independent" functions within the kernel, were not derived products. As others have pointed out, the list of functions available to modules is rather less controlled these days. 2.6 loadable modules have access to a great many kernel functions (a quick grep turns up over 8000 exported symbols) and require a great deal of inline code from the kernel header files. By some accounts, any code that is so intimately tied into the kernel must be a derived product. Others have taken the view that anything which can be unplugged and replaced is not a derived product. The existence of a plug-in interface creates a boundary which the GPL cannot cross. In some cases, this must be true; consider, for example, Linuxant's controversial new DriverLoader product. DriverLoader is a proprietary module which will interface Windows NDIS network drivers to the Linux kernel. The legal status of DriverLoader may be unclear, but nobody would argue that a binary Windows driver, when shoehorned into the Linux kernel in this way, becomes a derived product of the kernel. On the other hand, with a small (GPL-licensed) patch, the kernel could be opened to "pluggable" modules implementing proprietary network protocols, memory managers, schedulers, etc. This scheme, if considered legal, would allow proprietary code to be lodged within the heart of the Linux kernel. At that point, there would be no restriction on derived products at all. Another view, less often heard, notes that the kernel module loader checks the license of every module loaded into the system. If the module lacks a free license, the kernel complains, but loads the module anyway. One could argue that this behavior is an explicit acknowledgment that closed-source modules are permissible. The only way to get a definitive answer on the location of the GPL boundary will be to go in front of a judge. Even then, the answer is unlikely to be useful beyond the specific case considered there. In the LinkSys case, some developers are claiming that the source for the binary modules should be released even if they are not strictly seen to be derived products. This claim is based on the following language from section 2 of the General Public License:
If identifiable sections of that work are not derived from the
Program, and can be reasonably considered independent and separate
works in themselves, then this License, and its terms, do not apply
to those sections when you distribute them as separate works. But
when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on
the terms of this License, whose permissions for other licensees
extend to the entire whole, and thus to each and every part
regardless of who wrote it.
Some feel that the LinkSys WRT56G router is, indeed, a "whole which is a work based on the Program" and that the entire system must be licensed under the GPL if it is to be distributed legally. This view relies on the contract provisions of the GPL, and not just on copyright law; it is controversial, to say the least. By this reasoning, a Linux distribution with, say, a proprietary installer could be seen to be violating the GPL. In the end, this claim, too, can only be verified in a courtroom. Until then, the definition of a "whole" is subject to debate. The status of closed-source modules has always been somewhat unclear, and one gets the impression that the kernel developers have been happy to keep it that way. There is a strong desire to discourage such modules, but, seemingly, little wish to abolish them altogether. The system has worked reasonably well so far, but it may well be asking for trouble in the longer term. With the current state of affairs, it seems certain that, sooner or later, a company or individual holding kernel copyrights will take a proprietary module vendor to court. One of the best features of free software is the fact that users don't need to worry. The rights of users are broad and well defined; there is no equivalent of the Business Software Alliance looking for companies to raid. The distribution of closed-source kernel modules is an exception, however; nobody really knows if this distribution is legal or not. The free software community is not helped by this uncertainty; it really is past time to clarify the status of closed-source modules. Doing so will be a challenging task, but doing nothing will bring unwanted challenges of its own. The free software community does not need any more litigation, be it instigated by ourselves or by others.
Two views of the Unix philosophy We have recently received two books, both of which attempt to set down the Unix philosophy. This philosophy is said to underlie the work we all do with Linux, so discussions of it are worth a look. Maybe we can finally find out what we have been trying to do all these years.![[TAOUP cover]](/images/ns/taoup.jpg)
The first is The Art of Unix Programming by Eric Raymond (published
by Addison Wesley). We have
discussed this book before on these pages,
so a detailed look is not necessary at this time. Suffice to say that
Eric's book is now available in the stores. It is also available on the
net under a relatively restrictive Creative Commons license.
The other entry is Linux and the Unix Philosophy by Mike Gancarz, published by Digital Press. This book appears to be a fairly straightforward remake of Mr. Gancarz's The Unix Philosophy, published in 1994. References to Linux have been retrofitted in, but the book is little changed. If the underlying Unix philosophy is as enduring as these books would have us believe, a book from 1994 should still be current now. Unfortunately, Linux and the Unix Philosophy looks old; consider, for example, the author's advice that a function's parameter list should fit on a single line of an (80-column) screen. That might have been good advice for an old-style C function, but, in the modern world, where parameter names and types all go together, even a very short parameter list can take multiple lines. This book also ignores many of the features of modern Unix/Linux programming, including scripting languages (beyond the shell) and graphical interfaces. In Mr. Gancarz's view, all programs are small, and their functions are minimal; he even states that multi-column output has bloated the ls command excessively. Or consider:
Why has the metric of MIPS become such a hot issue in the computer
world today? Because as Unix usage has become more prevalent, the
use of small programs has proliferated as well. Small programs,
although they usurp little system memory when executing, derive the
most benefit from the injection of additional CPU horsepower.
This discussion does not fit your editor's world, where the best way to improve the performance of a system is often to add memory. The most interesting area of investigation, however, would be how the two books characterize the Unix philosophy. Happily, both of them provide nice sets of rules suitable for slides in any executive briefing - or a summary table in LWN. So, without further ado...
The further expression of these rules shows the relative age and limited scope of Gancarz's book. He talks about flat text files, while Raymond discusses the importance of transparent, textual network protocols as well. Raymond covers the network, modern languages, and the ups and downs of programming techniques as an integral part of his book; Gancarz has a brief "Brave New World" chapter at the end where he treats bleeding-edge technologies like the Internet, artificial intelligence, object-oriented programming, and Java. On the other side, Eric Raymond's tendencies are well known. The Art of Unix Programming can be verbose and gives a lot of coverage to Mr. Raymond's own work and beliefs. Most people would have found a way to write a Unix book without including quotes from famous people on the evils of gun control, for example. Both books neglect areas of great concern for any contemporary software developer. Neither will give as much help as the implementer of a web browser, office suite, or DVD player might like. No developer can afford to be unaware of security issues in the current environment, but neither author devotes any space to security. What is the Unix philosophy's approach to security? Silence in response to that question is all too telling. In the end, if your editor had to choose between the two books, he would go with The Art of Unix Programming, though both have their merits. Readers of either would be well advised to heed Mr. Raymond's last rule, however: distrust anybody who claims to know the "one true way."
Background on Citizens Against Government Waste After Citizens Against Government Waste (CAGW) issued a strongly-worded press release against the state of Massachusetts's initiative to move toward open systems, we at LWN decided to take a longer look at this organization's background and see why they might exhibit such hostility toward open source.According to CAGW's website, the group has been in operation since 1984. It is, according to its press materials "a private, non-partisan, non-profit organization" on a mission to eliminate "waste, mismanagement, and inefficiency in the federal government." It claims to be "nationally recognized as the source of information on government waste," with more than one million members. Apparently, Microsoft has been one of the corporate donors that provided funding to CAGW in the past. But the group prefers to remain mum on whether Microsoft continues to fund them and what other groups may be providing funding. We contacted CAGW directly to find out whether Microsoft is still donating money, and how they came to form their opinions on open source use in government. We spoke to CAGW President Tom Schatz, who also declined to specify whether CAGW is still receiving money from Microsoft and said that interested parties could examine CAGW's IRS 990 filing. CAGW is required to make this document available upon request, but is not required to provide the names of its donors. We located CAGW's filings for 2000 and 2001 online, but the donor information had been whited out. According to CAGW's website, about 85 percent of the organization's funding comes from individual contributors, with the remaining 15 percent coming from corporate and foundation gifts. In 2001, three contributors donated a total of $490,765 to CAGW, accounting for only 10 percent of the non-profit group's entire income of $4,898,720 for the year. In 2000, CAGW brought in $4,846,934 with a single anonymous donor of $150,000. If Microsoft or one of the foundations it supports is still a contributor to CAGW, the contributions are only a minor percentage of overall contributions. To be sure, CAGW does not exist solely as an apologist or mouthpiece for Microsoft. The organization tracks government spending in many areas unrelated to the software industry, and provides ratings for members of congress, according to their criteria of eliminating government waste. However, the group has been unrelenting in its opposition to the governments' antitrust suit against Microsoft, and was part of the "grass-roots" effort to stir up public support against the suit. The group made headlines after some of their form letters were mailed in by CAGW members who had died.
Citizens Against Government Waste, on the other hand, distributed
identical letters to citizens. Those varied only by the signature
attached. The two letters from beyond the grave came from the Citizens
Against Government Waste crop. According to the Times, family members
crossed out the names and signed for them. Another letter was sent from
"Tuscon, Utah," a city that doesn't even exist.
When news hit the wires late last month that Massachusetts may be favoring open source, CAGW was quick to oppose the idea -- apparently without bothering to get all the facts on the issue first. Schatz admitted that he later found that, contrary to the position stated in the release, Massachusetts was not barring proprietary vendors from competing for state contracts. Schatz says he will issue a second release with a correction "if something does come out in writing from the state...we've seen quotes, but nothing in writing." We asked Schatz if he opposes open source software in government, and he replied that he was not opposed to open source software but was opposed to a policy that prefers or requires single-sourcing.
We have been fairly consistent with support for the concept of
dual-sourcing a piece of equipment...the state needs to consider what
the best product is, what's going to operate most efficiently.
We also asked Schatz about the communist rhetoric contained in their "Mass. Taxpayers Hurt by Proposed Software Monopoly" release. Schatz denied that comparisons of Massachusetts' open source policy were designed to tie in with other comparisons of open source and free software to communism or socialism.
If you read any of our stuff... take a look at our porker of the month,
we're just as strong in our language... I may choose my words more
carefully next time. We're trying to raise an government issue, not an
issue with how people see the world. Communism won't be part of the next
press release.
Schatz also mentioned that CAGW group received a number of e-mails from the Linux community on the topic, and had discovered that the community does not appreciate comparisons to communism or socialism. He also noted that CAGW receives strong reactions to many of their releases, not just those on the topic of Linux or open source. A cursory search of CAGW's website did not turn up references to socialism or communism as metaphors for other government waste. The reader can judge for themselves whether the tone in other CAGW releases is similar to the tone of the "Proposed Software Monopoly" release. It may be that CAGW is poorly informed on the benefits of open source, and too easily swayed by pro-Microsoft studies. Schatz acknowledged that CAGW had not performed any studies independently to determine the cost benefits of open source products versus proprietary software.
We honestly don't have the expertise here to fight the studies, or to
make our own, we rely on things that are out there...since open source
is newer for government experience, we should probably wait and see how
it works and what the expenses are on the other side.
It's clear that CAGW carries a substantial amount of influence with a widespread public audience, and with elected officials. Open source advocates would do well to keep tabs on future pronouncements from the group, and to work toward politely educating CAGW on the benefits of free software and the unnecessary waste of government funds on proprietary software.
Page editor: Jonathan Corbet Security Open spam filtering rules considered harmful? Readers of LWN know that we have long been a fan of SpamAssassin. Your editor, whose personal spam load is approaching 500 messages per day, would long have ceased to function without it. Network life in the 21st century requires either a well-hidden email address, or some sort of effective filtering.SpamAssassin's extensive arsenal of tests has traditionally included checks for legitimate mail. In the past, mail which identified itself as having been created with certain free email agents or which contained a software patch was given some extra credit in the scoring process. Spammers have often found and exploited those tests; for a while, some of us were receiving mail which had been simultaneously "created" with mutt and evolution. The usual response to such activity has been to remove the tests in question. Most recently, some spammers have started adding fake PGP signatures (in full HTML glory) to their output, in the hopes of slipping past SpamAssassin. The PGP signature test was removed some time ago, but the exploit was still enough to inspire this News.com article which, among other things, says:
The attack on the software's filtering process highlights the
dangers of open-source projects, but it also reinforces the ability
of projects with active development teams to quickly respond to
such security holes.
The open nature of SpamAssassin's filtering is, thus, a "danger." Lest one become too concerned about the "dangers" involved in using SpamAssassin, however, there are a few things which should be kept in mind:
The real lesson from the PGP signature "exploit," most likely, is that negative tests will always be relatively easy for spammers to abuse. That will be why SpamAssassin 2.60 contains almost none of these tests. The most important point, however, is entirely different. For many of us, email is a vital connection to the world. It is natural to be concerned about trusting a program to filter our incoming mail for us; mistakes can have real consequences. Would you really want to trust your mail to a hidden, proprietary filtering scheme? Don't you want to know what assumptions and biases have gone into the filtering decisions? Or, at least, don't you want that information to be available to those with the time and interest to check it out? Allowing a black box to pass judgment on one's incoming mail stream poses more dangers than an open, free system ever could.
New vulnerabilities glibc - buffer overflow
tomcat4: denial of service vulnerability
Updated vulnerabilities 2.4 kernel - several vulnerabilities
apache2: Denial of Service vulnerability
cfengine: stack overflow
ethereal: security problems in Ethereal 0.9.12
Filename disclosure vulnerability in fam
fetchmail: buffer overflow
glibc: DNS stub resolvers contain buffer overflow vulnerability
gnupg: key validation
gtkhtml: malformed messages cause crash
KDE: Two issues in KDM
kernel-utils: setuid vulnerability
libpng, libpng3: buffer overflow
mikmod: buffer overflow
mplayer: remotely exploitable buffer overflow vulnerability
mysql: arbitrary code execution
Nessus NASL scripting engine security issues
net-snmp: denial of service vulnerability
nfs-utils xlog() off-by-one bug
openssh: timing attack leads to information disclosure
openssl: vulnerabilities in ASN.1 code
postfix: denial of service vulnerabilities
PostgreSQL - more buffer overflows
proftpd: remote root shell
Multiple-use vulnerability in Safe.pm
sane-backends: several vulnerabilities
sendmail: remotely exploitable buffer overflow
stunnel: signal handler reentrancy DoS
File overwrite vulnerability in tar and unzip
Multiple vendor telnetd vulnerability
unzip: directory traversal vulnerability
vim - modeline vulnerability
webmin: session ID spoofing
wget: buffer overflow
XFree86 4.3.0 integer overflows in font libraries
xinetd: Memory leak in xinetd 2.3.10
Resources This month's CRYPTO-GRAM Bruce Schneier's CRYPTO-GRAM newsletter for October is out. This month's topics include the future of surveillance, the expanding use of the "Patriot" act, pirating movies, identity cards, and the security risks of monocultures. "The upshot of this is that you should consider the possibility, albeit remote, that you are being observed whenever you're out in public. Assume that all public Internet terminals are being eavesdropped on; either don't use them or don't care. Assume that cameras are watching and recording you as you walk down the street. (In some cities, they probably are.) Assume that surveillance technologies that were science fiction ten years ago are now mass-market."
Linux Security Week The October 14 issue of Linux Security Week from LinuxSecurity.com is available.
New CERT Coordination Center (CERT/CC) PGP Key CERT has adopted a new PGP key which will be used in its outgoing email. See the announcement for details on how to get the new key. Apparently the passphrase for the previous key was spread a little more widely than CERT had intended.
Events FIRST Conference The 16th Forum of Incident Response and Security Teams (FIRST) will be held June 13 to 18 in Budapest, Hungary. The call for papers is out now, with a submission deadline of December 1.
Page editor: Jonathan Corbet
Kernel development Release status Kernel release status The current development kernel is 2.6.0-test7; there have been no development kernel releases in the last week.Linus's BitKeeper tree does contain a pile of patches, most of which are stability fixes as one would expect. It also includes a (controversial) patch to allow kernel threads to handle signals properly, a fix for a possible interrupt handling deadlock, and a workaround for the AMD Opteron prefetch bug. The current stable kernel is 2.4.22. Marcelo released 2.4.23-pre7 on October 9; it includes Jens Axboe's laptop mode patch, a new MegaRAID driver, BIOS enhanced disk detection support, USB gadget support, and various other fixes and updates. The plan is apparently to get the first release candidate out within a month.
Kernel development news Looking forward to 2.7 Some attention has been given to the "2.7 thoughts" list which has been circulating on linux-kernel. Looking forward to what can be done in the next development series can be an interesting exercise. In this case, though, the exercise has mostly been carried out by people who will not actually be doing the work; as a result, the list has been dismissed by a few kernel hackers; one called it "crackpot wishlist gunk."So what are the crackpots wishing for? Some of the items they want (marked "mandatory features" on the list) are already in the works; these include support for CPU hotplugging, full NTFS support and virtual machine support. Others are somewhat vague, including "complete user quota centralization" and "improve kobject model for security, quota rendering." And some will never happen; there is just not a whole lot of call for features like an in-kernel Gopher server or a /proc implementation of the loadable module tools. Kernel hackers have far more respect for code (and those who produce it) than they do for list makers. The 2.7 thoughts list may yet inspire somebody to do some hacking, but its influence on the development process is likely to remain small. A more interesting view into what could happen with 2.7 might be found in a conversation between Linus and Joel Becker of Oracle. The discussion turned to what information was needed from the kernel to perform direct I/O, which lead to this outburst from Linus:
Have you ever noticed that O_DIRECT is a piece of crap? The
interface is fundamentally flawed, it has nasty security issues, it
lacks any kind of sane synchronization, and it exposes stuff that
shouldn't be exposed to user space.
Linus went on to wish an early death upon disk-based databases; he seems to think that all but the largest databases should just be done in-memory. Direct I/O does bring its share of problems. It is hard to keep the kernel page cache in a coherent condition when I/O operations are allowed to circumvent it; page cache confusion can lead to corrupted data. Getting good performance out of direct I/O is hard unless asynchronous I/O is used as well. Direct I/O can also confuse the disk I/O scheduler by creating request patterns (especially overlapping requests) which don't otherwise happen. In other words, the direct I/O idea is hard to get right for both kernel and user space. But systems like Oracle do need some of the capabilities that direct I/O provides. They need to be able to move large amounts of data without polluting the page cache with stuff that will not be used. Databases which use shared storage need to be able to force data to be reread from disk when another system has changed it. Large applications also tend to have a better idea of how their access patterns work than the kernel does; they know when a particular block of data will not be used any more. The need for the level of control and performance direct I/O can provide will persist, whether it | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[LATUP cover]](/images/ns/latup.jpg)