Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 27, 2004Documenting kernel code provenance Linus's request for discussion made his motivation clear:
Some of you may have heard of this crazy company called SCO (aka
"Smoking Crack Organization") who seem to have a hard time
believing that open source works better than their five engineers
do. They've apparently made a couple of outlandish claims about
where our source code comes from, including claiming to own code
that was clearly written by me over a decade ago.
He notes that the process of debunking these claims, while highly effective, has not been entirely fun. As a way of making life easier when the next SCO comes along, Linus is proposing a lightweight mechanism which would document how each patch finds its way into the kernel. In essence, this scheme would require each patch to contain at least one line like:
Signed-off-by: Some kernel hacker <skh@some.host>
One such line would be added by each person who handles the patch on its way to the mainline kernel. Together, these lines would document the originator of the patch and the path it took before it was merged. Each developer, by "signing off" on the patch in this way, would indicate that he or she has the right to submit it to the kernel under a free license - either by virtue of having written the code, or by having obtained it from a source which allows this form of redistribution. Companies which require review of code contributed to external projects can designate a person who must sign off on patches before they go out. This procedure is a far cry from, for example, the full-blown copyright assignment required from contributors to GNU projects. Contributions to the kernel will still require no physical, signed papers, no assignment of copyright, no indemnification, and no documented permission from the contributor's employer. The Free Software Foundation, with its assignment policy, is trying to set itself up as the owner and custodian of the GNU system, with clear title to the code, the ability to specify the license under which that code will be released and to enforce the terms of that license. The kernel hackers, instead, seem to feel that they can get by without such a custodian, wish to retain ownership of their code, and, as the netfilter team has demonstrated, they feel entirely capable of enforcing their own licenses. The kernel system is, instead, aimed entirely at documentation. The next time somebody questions the legitimacy of code in the kernel, it would be nice to be able to point out, quickly, exactly where the code came from. In this way, perhaps, people can spend less time digging through ancient mail archives and more time developing. For this reason, suggestions varying from GPG-signing of patches to the (poorly received) idea of adopting an ISO-9000 process will probably not be implemented. Some tweaking will probably happen, but whatever system finally gets adopted will remain a simple, lightweight documentation mechanism. While the new kernel contribution scheme is aimed at documenting future contributions, the just-launched Grokline project is trying to document the past. From the site:
This is an open, community-based, collaborative research project, a
living history, designed to carefully trace the ownership history
of UNIX and UNIX-like code with the goal of reducing, or
eliminating, the amount of software subject to superficially
plausible but ultimately invalid copyright, patent and trade secret
claims against Linux or other free and open source software.
The project has put together a basic Unix timeline, and is soliciting input from anybody who can help document where all this code came from. Grokline will, without doubt, yield no end of interesting historical information. One can't help wondering, however, if the community isn't gearing up to fight last year's war. The SCO Group has done us a tremendous favor by showing that (1) finding copyright infringements in free software (and the Linux kernel in particular) really is hard, and (2) the community will unite with devastating effect against anybody who seeks to profit from baseless attacks on free software. It is hard to imagine another company wanting to be the next SCO. The next time a copyright claim is raised against free software, the claimants will be well advised to have their evidence in place from the beginning - and to be right. If there is another SCO-scale war in our near future, it will probably not involve copyrights. It will be, instead, a patent fight. Unless it serves to establish prior art, documentation of the provenance of code will not be helpful in a patent case. It is also worth noting that the SCO case has forced a remarkable alignment of interests between many large, deep-pocketed companies and the broader free software community. That alignment of interests may well be absent in a patent battle. Next year's patent war may not be fought off as easily as this year's copyright and (formerly) trade secret suit. By all means, we should be documenting where our code comes from, and, in general, doing our best to ensure that it has been contributed legitimately. But it would be a mistake to believe that this documentation alone will be sufficient to defend us from all "intellectual property" charges.
Fedora: looking forward With the final release of Fedora Core 2 out the door, and on schedule no less, now might be a good time to take stock of the project and where it's going. Unfortunately, that's not as clear as one might hope.It's easy to see where the project is now, but the future is a bit more murky -- at least for those outside the project. For the most part, the Fedora Project seems to be meeting its goals. A quick glance at the objectives for Fedora Core shows that the project is meeting nearly all of its objectives. Fedora Core 2 contains a wide range of open source packages on the "leading edge" of development. The project has done well at sticking to release schedules, and at putting together a fine Linux distribution that more or less picks up where Red Hat Linux left off. What Fedora has not yet achieved, however, is a significant level of community involvement beyond simple testing of releases. The situation has not been helped by the project's recent change in leadership; Cristian Gafton assumed the position of Technical Lead in January, but some have complained about a lack of communication from Gafton about the project. A quick search of the Fedora devel archives gives some credence to this complaint: Gafton has only posted twelve messages to the Fedora devel lists since he assumed the Technical Lead position -- six in January, and six in May. We contacted Gafton to see if we could get a glimpse at the roadmap and find out whether the community will have an opportunity to become more involved in the development of Fedora Core 3 (FC3) and future releases. Here's what we learned. LWN: How long will FC1 remain "supported" now that FC2 is being released?
Our current plans are calling for issuing security updates for FC1 for
two-three months after Fedora Core 2 has been released. Realistically, once
the Fedora Core 3 test1 is out (or shortly after) I would expect the
development interest in the Fedora Core 1 to diminish and we will take a
formal look at declaring the End of Life for Fedora Core 1.
LWN: It looks like the project managed to stick to the schedule set for FC2 pretty well. In retrospect, was the schedule too aggressive or just right? Will the schedule for FC3 be as aggressive as this one? Any breathing room between FC2 and starting FC3?
We're all very happy with the fact that we have not run into any major
issues in our quest to incorporate the features we have planned for the
Fedora Core 2. Of course, the desire for more development time will always
be there, but I think that we have managed to put together a very good
schedule and we have managed to stick successfully to it. This is one of
those times where we come to appreciate the Red Hat developers' experience
and leadership in planning and managing an OS release, as well as the
resourcefullness demonstrated by Fedora development community.
LWN: Speaking of FC3, what can we expect to see in the next release? Do you have a clear picture of what the next release will include?
We will start having a public debate about what we will plan for FC3 pretty
shortly. As far as I am concerned, I will pay attention to the deployment,
testing and migration to the new GCC 3.4 SSE compiler base, further
refining of the SELinux techonlogy, and - of course - the new versions of
Gnome, Evolution, KDE that are planned for release in the next few
months. As of right now we have encouraged every developer to build up the
wish list for the next round, and through a public debate process we will
get a clearer picture of a feature list in the next couple of weeks.
Planning the release will require us to figure out what will be reasonable to expect to include and what would be our stretch goals. We will start this process in very short order, because we want to get a tentative schedule out as soon as possible, so that developers around the world will know what to expect. For the Fedora Core 2 release I have been happy to notice that some projects have attempted to syncronize their release schedules so that we will have an easier time integrating their new code bases in the Fedora Core. It is my sincere hope that this trend will continue, and we are aware of the fact that we have to give people plenty of time to plan ahead. LWN: According to the FC2 schedule, the SELinux functionality was considered "stop-ship" -- but it was disabled by default in the last test release. Is SELinux ready for mass consumption in the final FC2 release, or does it still require some polish before it's ready for prime time?
I think the SELinux functionality is pretty well cooked and I encourage the
seasoned users and developers to play with it. Unfortunately at this stage,
the implementation and management of the SELinux security policies are
complex tasks that require an advanced degree of familiarity with the inner
workings of the operating system.
The challenge we face in developing a default security policy is the balance one needs to strike between the level of security barriers deployed and the functionality people would reasonably expect out of this release. For example, can we subject third party applications, that are not aware of the security contexts, to a paranoid policy that most likely will prevent them from functioning correctly, or do we provide a more relaxed policy at which point the security advantages of SELinux are not so readily apparent? Also, the legacy of the discretionary access control setups will be a tough nut to crack - we found out that a lot of users still expected that the root account will be able to do and fix everything - an assumption no longer valid when running under SELinux. So, for the Fedora Core 2 we have decided to court the experienced users and developers to help us figure out the lines of compromise between the challenges posed by the SELinux policy - a sort of a continued beta program for refining what would be an acceptable set of defaults. Of course, this does not preclude the development of very strict or more relaxed policies as alternatives to the balanced default set. LWN: No doubt you've seen the parody published by Konstantin Ryabitsev about Fedora/Red Hat's interaction with the community. Though it's a bit over the top, it has raised quite a bit of discussion. Is it likely that RH will seek more involvement from the community in terms of setting the direction of Fedora? Will there be any changes in the way Fedora is managed in the near future?
This is and continues to be one of the challenges Red Hat faces - how do we
build an effective way of engaging more of the external development
community and how do we enable them to participate in this project. The
parody you are referring to, while an entertaining read, assumes a
political conflict out of the current state, when in fact the challenges we
are facing are logistical. We are talking about deploying a parallel
development process for the Red Hat developers, geared and built to support
external parties contributing code on various sections of the operating
system. This means planning and executing a huge change in everything
infrastructure-related inside Red Hat engineering, which has the potential
of causing big impacts in the other corners of our business, like support,
professional services and even sales. We are working hard on opening up our
infrastructure, but we have to do it responsibly and we have to be mindful
of the business impact we are going to cause on the commitments Red Hat
needs to fullfill as a publicly traded company. Oftentimes we internally
compare this process to working on a jet engine while it is running...
Our short-term plans include the opening of a source code management repository where the interested developers can follow closely the development activity of the Red Hat engineering team. We will also be revamping the fedora.redhat.com website, adding dynamic content to it and allowing people to start participating in forums and start oganizing according to their common interests. These are steps that are going to happen in the very few next weeks, in time for the start of the Fedora Core 3 development process. LWN: On the same topic, a lot of discussion has been comparing Fedora to Debian -- obviously, there are some serious differences in the way that both distros are put together. Would you say that the Fedora approach is better, or just different? Why?
Well, some things are better, some things are "different." The Red Hat
engineering team is more experienced at putting together high-quality,
commercial distributions. The planning, scheduling and focus we bring to
the process are superior, and by transforming the Fedora Project into a
community-focused release we now also have the flexibility of doing more of
what is right when it comes to setting up a schedule.
In the software development process there are always three factors that are at play: features, quality and development speed. In commercial software development one can always have only two of those three. I believe that the community focus of the Fedora Project allows us to seek a more reasonable balance between those three objectives. Our background in commercial releases will allow us to keep focus on the fact that we need to have timely releases and we need to manage aggressively against the schedules we set. As far as Debian goes, they have been more successful at engaging the open source development community and there is a lot we can and will learn from their experiences. There is no question that as of now Fedora and Debian are very different in the way we put things together - but I think in the near future we will start to look more and more alike as far as the level of involvement with the development community. That may yet happen, but the Fedora project is going to have to open up significantly before it can begin to shake off its image (in some quarters, at least) as a beta test program for Red Hat's enterprise products. With luck and work, perhaps Fedora can begin to approach Debian's level of community involvement. If this can be done while retaining Fedora's rather more predictable release schedule, so much the better.
Movable type and "almost free" software Movable Type is a highly popular and capable content management system oriented toward the publication of weblogs. It is written in Perl, and is necessarily distributed in source form. It has never, however, been free software. Its license did not allow distribution of modified versions, though patches could be distributed. As a whole, the license was "free enough," and Movable Type developed a large, happy user base.That user base is rather less pleased now. With the announcement of Movable Type 3.0 came the news that, for all but the smallest, personal sites, use of the new version would require a paid license. Six Apart Ltd., the company which owns Movable Type, has since learned what happens when you upset thousands of people, each of whom has a personal printing press. Many online commenters have expended countless electrons on criticism of Six Apart and its new license. We'll not join them. Six Apart owns its code, and sets the terms for its use. The company is behaving no worse than any other proprietary software vendor, and better than many. One might argue it should have made its new licensing plans clear before inviting beta testers to help them finish 3.0, but that's about it. What Six Apart has done is to provide an object lesson in the perils of "almost free" software. If you do not have the right to run, modify, and redistribute a program, you will, eventually, find yourself in a situation where that program loses its value to you. If its owner fails to maintain it, nobody else can. If its owner imposes an onerous license, your only options are to take it or leave it. Source-available proprietary software can be deceptive; it feels much like free software. But every such package is another MT 3.0 waiting to happen. Consider, for example, the case of qmail. It is, beyond doubt, a powerful and secure mail transfer agent. It is distributed in source form. But it also comes with a non-free license which forbids distribution of modified versions, and which makes the distribution of binary packages difficult. There has not been a new qmail release since June, 1998. Patches are required to get it to build on a modern Linux distribution, and others are needed to bring it up to the level of functionality needed by many sites. But, due to the redistribution restrictions, nobody can take over qmail maintenance and release a new version. That notwithstanding, many sites (LWN included, it should be said) have chosen to run qmail. But all such users should bear in mind that qmail's license terms are, at best, vague; the software itself comes with no explicit license. If qmail's author were ever to proclaim a new license, it would be hard for users to prove that any other terms had ever been in force. Even without that sort of problem, it seems pretty clear that qmail's author has long since lost interest in working on the code; the chances of there ever being another qmail release appear small. The Movable Type episode has shown, once again, that licenses really do matter. A free software license represents a sort of gift from a developer to users: those users will never be deprived of the right to use, modify, and distribute the covered software. Developers are not (and should not be) required to offer such a gift. But if the author of software you use has not given you those rights, you should not be surprised when the terms change in the future.
Page editor: Jonathan Corbet Security Did they read it? Return receipts for email have been around for quite some time. They can be useful in some settings where a user is willing to verify that they've received an email without taking the time to compose a reply. However, the return receipt depends on the user's willingness to participate in the process. Often, for one reason or another, users do not wish to do that; these users can simply configure their email client to deny requests for return-mail receipts -- if, in fact, the user's email client supports that feature at all.There are, however, those who aren't content to depend on voluntary responses. Rampell Software is peddling a subscription service for nosy correspondents who want to know whether or not their email has been read. Rampell is a company that pushes several spyware products for MacOS and Windows that are aimed at monitoring the use of other peoples' computers. The "DidTheyReadIt" service is aimed at people who are determined to know whether or not their mail has been read, and who are willing to pay for the privilege. This, of course, has some not-so-pleasant implications for personal privacy. While the company assures its potential customers that it respects their privacy, nothing is said about the privacy of the recipient who may not wish to divulge whether or not they've read a particular email or where they've read it from. On the company's About Us page, they identify what kinds of people might want to find out whether an email has been read -- including some that make DidTheyReadIt sound like a must-have for potential stalkers:
Users of online dating services such as match.com who want to know if their
potential dates are reading their messages...or ignoring them.
It isn't particularly cheap to violate others' privacy either, at least not when using DoTheyReadIt on a regular basis. A quarterly subscription for the service, with the ability to track 500 messages per month, is $24.99. To use the service, the user has to send email through DidTheyReadIt's servers by tacking ".didtheyreadit.com" onto the recipient's email address. DidTheyReadIt's server then tags the email with a "web bug" and sends it on its way to the intended recipient. For the uninitiated, web bugs are a well-known spammer trick to verify working email addresses. The spammer includes a bit of HTML in the email that will request an unique image name (usually a small image that is invisible to the reader) from a remote server that tracks the hits. The image name and email address are paired so that the spammer can identify working email addresses with users gullible enough to open the spammer's email. When the image is requested from didtheyreadit.com, a hit is logged and the sender can then view the information on the DidTheyReadIt website and/or be notified via email. DidTheyReadIt takes the web bug idea further than the spammers do, however. It responds to the request for the web bug image by sending a slow stream of data back to the mail client; that stream will continue until the receiving system resets the connection. The amount of time the connection was allowed to run will be roughly equivalent to how long the message was on the reader's screen, giving a sense of how seriously the message was read.
When the service works, the amount of information provided to the sender is
quite intrusive. Not content to simply verify that a user opened an email,
Users who are even moderately knowledgeable about the way that the Web works will have no problem blocking DidTheyReadIt from divining whether or not they have opened an email sent through this service. Rampell's claims of success "the vast majority of the time, upwards of 98% in extensive testing" are a bit suspect. In fact, many users are already protected by sane defaults in their mail clients that prohibit the display of remote graphics in HTML email by default. This writer had to deliberately disable the defaults in the Yahoo! and SpamCop (which uses Horde) webmail clients to allow DidTheyReadIt to track test emails. The tracking did not work with Thunderbird or Opera's mail client. It goes without saying that users of mutt and Pine will easily slip under the radar. Furthermore, once word gets around about this service, many users may simply opt to filter out email that passes through the DidTheyReadIt servers altogether. Some folks might also decide to play havoc with this service by writing scripts to call random images from DidTheyReadIt's servers to generate false positives and render the service useless. Ed Felten predicts that DidTheyReadIt will not succeed in the long run:
Products like this sow the seeds of their own destruction, by triggering
the adoption of technical measures that defeat them, and the creation of
social norms that make their use unacceptable.
One would hope that the use of such a service would be considered "unacceptable" by most people already. Whether or not that is true, however, the use of free software for crucial tasks like email gives users the upper hand against this sort of service. There is, after all, nothing that forces us to tolerate a mail system which supports this kind of monitoring. If only all of our email problems were so easy to solve.
New vulnerabilities firebird: Locally exploitable stack overflow
kernel: exploitable bug in the cpufreq code
SquirrelMail cross site scripting vulnerabilities
xpcd: buffer overflow
Updated vulnerabilities apache - denial of service in mod_ssl
apache: multiple vulnerabilities
cvs: heap overflow
ethereal - multiple vulnerabilities
Filename disclosure vulnerability in fam
flim: insecure file creation
gtkhtml: malformed messages cause crash
heimdal: missing input sanitizing
icecast: denial of service
iproute: local denial of service
racoon: failure to verify signatures
racoon: denial of service vulnerability
kdelibs: cookie disclosure
kde: URI Handler Vulnerabilities
kdepim: VCF file information reader vulnerability
kernel: symlink overflow in the iso9660 filessytem
kernel - root exploit in MCAST_MSFILTER
Linux kernel 2.2.10 failing function and TLB flush vulnerability
kernel-utils: setuid vulnerability
kolab: password disclosure
LHA: stack buffer overflows and directory traversal flaws
libpng: denial of service vulnerability.
libpng, libpng3: buffer overflow
libxml2 - arbitrary code execution
logcheck: symlink vulnerability
mailman denial of service
mc: multiple vulnerabilities
metamail: integer and buffer overflows
mikmod: buffer overflow
mod_python: denial of service vulnerability
mozilla: multiple vulnerabilties
mpg321: format string vulnerability
MySQL: temporary file vulnerabilities
neon: buffer overflow
Nessus NASL scripting engine security issues
netpbm: insecure temporary files
openssh: timing attack leads to information disclosure
OpenSSL: denial of service vulnerabilities
passwd: various problems
postfix: denial of service vulnerabilities
Pound format string vulnerability
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[DidTheyReadIt report]](/images/ns/didtheyreadit_thumb.jpg)