2012-06-22 17:50:17

by Matthew Garrett

Subject: [PATCH] Taint kernel when lve module is loaded

Cloudlinux have a product called lve that includes a kernel module. This
was previously GPLed but is now under a proprietary license, but the
module continues to declare MODULE_LICENSE("GPL") and makes use of some
EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.

Signed-off-by: Matthew Garrett <[email protected]>
Cc: Alex Lyashkov <[email protected]>
---
kernel/module.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/kernel/module.c b/kernel/module.c
index 4edbd9c..9ad9ee9 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
if (strcmp(mod->name, "driverloader") == 0)
add_taint_module(mod, TAINT_PROPRIETARY_MODULE);

+ /* lve claims to be GPL but upstream won't provide source */
+ if (strcmp(mod->name, "lve") == 0)
+ add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
+
#ifdef CONFIG_MODVERSIONS
if ((mod->num_syms && !mod->crcs)
|| (mod->num_gpl_syms && !mod->gpl_crcs)
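Review bot: The added test `if (strcmp(mod->name, "lve") == 0)` keys on the module name alone, so it stops applying as soon as the module ships under a different name, and it also taints any unrelated module that happens to be called "lve". This matches the "driverloader" entry directly above it, so it is consistent with the file, but the comment should say that the match is by name only and name the vendor the entry is aimed at, so a later reader of check_module_license_and_versions() knows what is being targeted.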
--
1.7.10.4


2012-06-22 18:44:06

by Greg Kroah-Hartman

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 01:49:31PM -0400, Matthew Garrett wrote:
> Cloudlinux have a product called lve that includes a kernel module. This
> was previously GPLed but is now under a proprietary license, but the
> module continues to declare MODULE_LICENSE("GPL") and makes use of some
> EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.
>
> Signed-off-by: Matthew Garrett <[email protected]>
> Cc: Alex Lyashkov <[email protected]>
> ---
> kernel/module.c | 4 ++++
> 1 file changed, 4 insertions(+)

Do you have a pointer to this code anywhere? Lying about the license to
the kernel is a pretty blatant thing to do and I'd like to have some
people follow up on that issue.

thanks,

greg k-h

2012-06-22 18:51:46

by Matthew Garrett

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:

> Do you have a pointer to this code anywhere? Lying about the license to
> the kernel is a pretty blatant thing to do and I'd like to have some
> people follow up on that issue.

http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm
- there's no corresponding SRPM in
http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and
upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is
listed as module author in the metadata.

--
Matthew Garrett | [email protected]

2012-06-22 19:09:25

by Richard Weinberger

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 7:49 PM, Matthew Garrett <[email protected]> wrote:
> Cloudlinux have a product called lve that includes a kernel module. This
> was previously GPLed but is now under a proprietary license, but the
> module continues to declare MODULE_LICENSE("GPL") and makes use of some
> EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.
>
> Signed-off-by: Matthew Garrett <[email protected]>
> Cc: Alex Lyashkov <[email protected]>
> ---
>  kernel/module.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 4edbd9c..9ad9ee9 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
> ? ? ? ?if (strcmp(mod->name, "driverloader") == 0)
> ? ? ? ? ? ? ? ?add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
>
> + ? ? ? /* lve claims to be GPL but upstream won't provide source */
> + ? ? ? if (strcmp(mod->name, "lve") == 0)
> + ? ? ? ? ? ? ? add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
> +
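Review bot: The added comment `/* lve claims to be GPL but upstream won't provide source */` gives the reason for the entry but not its consequence. The changelog says the module uses EXPORT_SYMBOL_GPL symbols; once `add_taint_module(mod, TAINT_PROPRIETARY_MODULE)` has run for it, those symbols are no longer available to the module, so the load fails rather than merely setting a taint flag. The subject line only says "Taint kernel", so state the load failure in the comment or the changelog.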

If this kernel module is really lying to us the kernel should simply
refuse to load it and call a lawyer.

--
Thanks,
//richard

2012-06-22 19:22:28

by Greg Kroah-Hartman

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 07:51:42PM +0100, Matthew Garrett wrote:
> On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:
>
> > Do you have a pointer to this code anywhere? Lying about the license to
> > the kernel is a pretty blatant thing to do and I'd like to have some
> > people follow up on that issue.
>
> http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm
> - there's no corresponding SRPM in
> http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and
> upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is
> listed as module author in the metadata.

Hm, and at least one reason it needs to be GPL is due to it using
symbols I created, no fun.

Alex, can you please provide the source code for this module? Or is the
license that the code is saying it is, somehow incorrect? If so, can
you please fix it? If you can't do this, is there someone else I should
be contacting?

thanks,

greg k-h

2012-06-22 19:40:21

by Greg Kroah-Hartman

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 09:09:22PM +0200, richard -rw- weinberger wrote:
> On Fri, Jun 22, 2012 at 7:49 PM, Matthew Garrett <[email protected]> wrote:
> > Cloudlinux have a product called lve that includes a kernel module. This
> > was previously GPLed but is now under a proprietary license, but the
> > module continues to declare MODULE_LICENSE("GPL") and makes use of some
> > EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.
> >
> > Signed-off-by: Matthew Garrett <[email protected]>
> > Cc: Alex Lyashkov <[email protected]>
> > ---
> >  kernel/module.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/kernel/module.c b/kernel/module.c
> > index 4edbd9c..9ad9ee9 100644
> > --- a/kernel/module.c
> > +++ b/kernel/module.c
> > @@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
> > ? ? ? ?if (strcmp(mod->name, "driverloader") == 0)
> > ? ? ? ? ? ? ? ?add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
> >
> > + ? ? ? /* lve claims to be GPL but upstream won't provide source */
> > + ? ? ? if (strcmp(mod->name, "lve") == 0)
> > + ? ? ? ? ? ? ? add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
> > +
>
> If this kernel module is really lying to us the kernel should simply
> refuse to load it and call a lawyer.

The kernel can't call a lawyer, but other than that, this change does
prevent the module from being loaded.

greg k-h
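
The effect described in the message above, as an added illustration that is not kernel code and not part of the thread: a simplified user-space model in which the license check runs before symbol resolution, so a module tainted as proprietary cannot resolve GPL-only exports and its load is rejected. The struct layouts, `load_module_model`, `try_load` and both symbol names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified user-space model, constructed for illustration; not kernel code. */
#define TAINT_PROPRIETARY 1u

struct ksym { const char *name; bool gpl_only; };
struct kmod {
    const char *name, *license;   /* license = declared MODULE_LICENSE string */
    const char **imports;         /* symbols the module needs resolved */
    size_t n_imports;
    unsigned taints;
};

/* Constructed export table: one ordinary export, one GPL-only export. */
static const struct ksym exports[] = {
    { "plain_helper", false },
    { "gpl_only_helper", true },
};
/* Names forced to proprietary whatever license they declare, as in the patch. */
static const char *const forced[] = { "driverloader", "lve" };

static void check_license(struct kmod *m)
{
    if (strcmp(m->license, "GPL") != 0)   /* model accepts only the string "GPL" */
        m->taints |= TAINT_PROPRIETARY;
    for (size_t i = 0; i < sizeof forced / sizeof forced[0]; i++)
        if (strcmp(m->name, forced[i]) == 0)
            m->taints |= TAINT_PROPRIETARY;
}

/* Returns 0 if every import resolves, -1 otherwise (the load is rejected). */
static int load_module_model(struct kmod *m)
{
    check_license(m);   /* taint is decided before symbols are resolved */
    bool gplok = !(m->taints & TAINT_PROPRIETARY);
    for (size_t i = 0; i < m->n_imports; i++) {
        bool found = false;
        for (size_t j = 0; j < sizeof exports / sizeof exports[0]; j++) {
            if (strcmp(m->imports[i], exports[j].name) != 0)
                continue;
            found = !exports[j].gpl_only || gplok;  /* GPL-only hidden if tainted */
            break;
        }
        if (!found) return -1;
    }
    return 0;
}

static int try_load(const char *name, const char *license, bool needs_gpl_sym)
{
    const char *imports[] = { "plain_helper", "gpl_only_helper" };
    struct kmod m = { name, license, imports, needs_gpl_sym ? 2u : 1u, 0 };
    return load_module_model(&m);
}

int main(void) { return try_load("lve", "GPL", true) == -1 ? 0 : 1; }
```

In this model a forced-taint module that imports only ordinary exports still loads, tainted; it is the GPL-only import that turns the taint into a load failure.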

2012-06-22 19:43:18

by Greg Kroah-Hartman

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, Jun 22, 2012 at 12:22:22PM -0700, Greg KH wrote:
> On Fri, Jun 22, 2012 at 07:51:42PM +0100, Matthew Garrett wrote:
> > On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:
> >
> > > Do you have a pointer to this code anywhere? Lying about the license to
> > > the kernel is a pretty blatant thing to do and I'd like to have some
> > > people follow up on that issue.
> >
> > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm
> > - there's no corresponding SRPM in
> > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and
> > upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is
> > listed as module author in the metadata.
>
> Hm, and at least one reason it needs to be GPL is due to it using
> symbols I created, no fun.
>
> Alex, can you please provide the source code for this module? Or is the
> license that the code is saying it is, somehow incorrect? If so, can
> you please fix it? If you can't do this, is there someone else I should
> be contacting?

Also, I almost hate to ask this, but why in the world are you creating
sysfs binary files? I really don't think you should be doing this, as
those are only for firmware and other "pass-through" things the kernel
uses to have userspace talk directly to hardware.

Odds are you can remove these files, and use the "correct" user/kernel
interface which will result in much better speed and handle things
properly for you, instead of abusing this interface.

Unless you really are talking directly to hardware, in which case, I'm
kind of interested to see what you are doing here, so the source code
would be greatly appreciated.

thanks,

greg k-h

2012-06-23 00:28:52

by Rusty Russell

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Fri, 22 Jun 2012 13:49:31 -0400, Matthew Garrett <[email protected]> wrote:
> Cloudlinux have a product called lve that includes a kernel module. This
> was previously GPLed but is now under a proprietary license, but the
> module continues to declare MODULE_LICENSE("GPL") and makes use of some
> EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.
>
> Signed-off-by: Matthew Garrett <[email protected]>
> Cc: Alex Lyashkov <[email protected]>
> ---
> kernel/module.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 4edbd9c..9ad9ee9 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
> if (strcmp(mod->name, "driverloader") == 0)
> add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
>
> + /* lve claims to be GPL but upstream won't provide source */
> + if (strcmp(mod->name, "lve") == 0)
> + add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
> +
> #ifdef CONFIG_MODVERSIONS
> if ((mod->num_syms && !mod->crcs)
> || (mod->num_gpl_syms && !mod->gpl_crcs)
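Review bot: Nothing in the added lines records which lve builds the entry is meant for or when it can be removed. The changelog says the module was previously GPLed, and a build whose source is published would carry the same name and be caught by `strcmp(mod->name, "lve") == 0` as well. Note the affected package in the comment and state the condition under which the entry should be reverted.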

Applied, and CC'd -stable.

Thanks,
Rusty.

2012-06-23 17:45:11

by iseletsk

Subject: Re: [PATCH] Taint kernel when lve module is loaded

Hello Everyone,

I am very sorry about this situation. It was my oversight. We planned to close source the module, and we will do it later on. Yet, it looks like one of our developers missed the point -- and did things incorrectly.

Please, give us two-three weeks to straighten things out. By the end of three weeks I plan to have source RPMs with the GPLed version of the modules available in our source repositories.

Later on we will have a new module that is not GPL released.

Once again -- I am sorry about the incident. We haven't planned to deceive anyone. This was more of an internal miscommunication than anything else.


I appreciate your understanding,
Igor Seletskiy
CEO of CloudLinux

On Friday, June 22, 2012 1:50:24 PM UTC-4, Matthew Garrett wrote:
> Cloudlinux have a product called lve that includes a kernel module. This
> was previously GPLed but is now under a proprietary license, but the
> module continues to declare MODULE_LICENSE("GPL") and makes use of some
> EXPORT_SYMBOL_GPL symbols. Forcibly taint it in order to avoid this.
>
> Signed-off-by: Matthew Garrett <[email protected]>
> Cc: Alex Lyashkov <[email protected]>
> ---
> kernel/module.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/module.c b/kernel/module.c
> index 4edbd9c..9ad9ee9 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
> if (strcmp(mod->name, "driverloader") == 0)
> add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
>
> + /* lve claims to be GPL but upstream won't provide source */
> + if (strcmp(mod->name, "lve") == 0)
> + add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
> +
> #ifdef CONFIG_MODVERSIONS
> if ((mod->num_syms && !mod->crcs)
> || (mod->num_gpl_syms && !mod->gpl_crcs)
> --
> 1.7.10.4

2012-06-23 19:26:45

by iseletsk

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Friday, June 22, 2012 3:43:23 PM UTC-4, Greg KH wrote:
> On Fri, Jun 22, 2012 at 12:22:22PM -0700, Greg KH wrote:
> > On Fri, Jun 22, 2012 at 07:51:42PM +0100, Matthew Garrett wrote:
> > > On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:
> > >
> > > > Do you have a pointer to this code anywhere? Lying about the license to
> > > > the kernel is a pretty blatant thing to do and I'd like to have some
> > > > people follow up on that issue.
> > >
> > > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm
> > > - there's no corresponding SRPM in
> > > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and
> > > upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is
> > > listed as module author in the metadata.
> >
> > Hm, and at least one reason it needs to be GPL is due to it using
> > symbols I created, no fun.
> >
> > Alex, can you please provide the source code for this module? Or is the
> > license that the code is saying it is, somehow incorrect? If so, can
> > you please fix it? If you can't do this, is there someone else I should
> > be contacting?
>
> Also, I almost hate to ask this, but why in the world are you creating
> sysfs binary files? I really don't think you should be doing this, as
> those are only for firmware and other "pass-through" things the kernel
> uses to have userspace talk directly to hardware.
>
> Odds are you can remove these files, and use the "correct" user/kernel
> interface which will result in much better speed and handle things
> properly for you, instead of abusing this interface.
>
> Unless you really are talking directly to hardware, in which case, I'm
> kind of interested to see what you are doing here, so the source code
> would be greatly appreciated.
>
> thanks,
>
> greg k-h

Greg,

We do a "hack", which is not a pretty one, populating /sys with .htaccess files. This is really needed only by shared hosters, where one of the end users on the server, could be a hacker and could create symlinks that would later be followed by apache to read privileged information.
A better fix would be fixing the apache. Yet, surprisingly enough -- we control kernel on those servers -- but we don't control apache. So -- we tried to secure things for our customers in this particular way. Most likely we will throw it out anyway.

2012-06-24 06:35:21

by Greg KH

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Sat, Jun 23, 2012 at 12:26:41PM -0700, [email protected] wrote:
> On Friday, June 22, 2012 3:43:23 PM UTC-4, Greg KH wrote:
> > On Fri, Jun 22, 2012 at 12:22:22PM -0700, Greg KH wrote:
> > > On Fri, Jun 22, 2012 at 07:51:42PM +0100, Matthew Garrett wrote:
> > > > On Fri, Jun 22, 2012 at 11:43:59AM -0700, Greg KH wrote:
> > > >
> > > > > Do you have a pointer to this code anywhere? Lying about the license to
> > > > > the kernel is a pretty blatant thing to do and I'd like to have some
> > > > > people follow up on that issue.
> > > >
> > > > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/x86_64/RPMS/kmod-lve-2.6.18-408.el5.lve1.1.64.2-1.1-10.7.3.el5.x86_64.rpm
> > > > - there's no corresponding SRPM in
> > > > http://repo.cloudlinux.com/cloudlinux/5.8/updates-testing/SRPMS/ and
> > > > upstream apparently refuse to provide source. Alex Lyashkov (Cc:ed) is
> > > > listed as module author in the metadata.
> > >
> > > Hm, and at least one reason it needs to be GPL is due to it using
> > > symbols I created, no fun.
> > >
> > > Alex, can you please provide the source code for this module? Or is the
> > > license that the code is saying it is, somehow incorrect? If so, can
> > > you please fix it? If you can't do this, is there someone else I should
> > > be contacting?
> >
> > Also, I almost hate to ask this, but why in the world are you creating
> > sysfs binary files? I really don't think you should be doing this, as
> > those are only for firmware and other "pass-through" things the kernel
> > uses to have userspace talk directly to hardware.
> >
> > Odds are you can remove these files, and use the "correct" user/kernel
> > interface which will result in much better speed and handle things
> > properly for you, instead of abusing this interface.
> >
> > Unless you really are talking directly to hardware, in which case, I'm
> > kind of interested to see what you are doing here, so the source code
> > would be greatly appreciated.
> >
> > thanks,
> >
> > greg k-h
>
> Greg,
>
> We do a "hack", which is not a pretty one, populating /sys with
> .htaccess files. This is really needed only by shared hosters, where
> one of the end users on the server, could be a hacker and could create
> symlinks that would later be followed by apache to read privileged
> information.

I don't understand how adding a .htaccess file would solve anything
here. Are you also adding a .htaccess file to every directory in the
whole system?

> A better fix would be fixing the apache. Yet, surprisingly enough --
> we control kernel on those servers -- but we don't control apache. So
> -- we tried to secure things for our customers in this particular way.
> Most likely we will throw it out anyway.

As it's probably not solving anything real, please don't do that :)

greg k-h

2012-06-24 06:39:10

by Greg Kroah-Hartman

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Sat, Jun 23, 2012 at 08:07:12AM -0700, [email protected] wrote:
> Hello Everyone,
>
> I am very sorry about this situation. It was my oversight. We planned
> to close source the module, and we will do it later on. Yet, it looks
> like one of our developers missed the point -- and did things
> incorrectly.
>
> Please, give us two-three weeks to straighten things out. By the end
> of three weeks I plan to have source RPMs with the GPLed version of
> the modules available in our source repositories.

As you built the binary from some codebase already, why not just post
the source for this code now? There should not be any delay needed.

> Later on we will have a new module that is not GPL released.

Why? What is that going to provide to you? You are aware of how the
Linux kernel community feels about closed source kernel modules, and how
your customers will be the ones dealing with the problems surrounding
that type of decision?

> Once again -- I am sorry about the incident. We haven't planned to
> deceive anyone. This was more of an internal miscommunication than
> anything else.

Understood about the miscommunication, but I don't understand any delay
as you do kind of have to provide the source now that we have asked for
it as per the license you released it to us.

thanks,

greg k-h

2012-06-24 07:33:16

by Mike Galbraith

Subject: Re: [PATCH] Taint kernel when lve module is loaded

On Sat, 2012-06-23 at 08:07 -0700, [email protected] wrote:

> Later on we will have a new module that is not GPL released.

Too bad refusing to load conceptually alien modules is incompatible with
pragmatic/practical. A decision to eradicate the things is highly
attractive excepting the "cut off your nose to spite your face" bits
contained therein.

Hohum, live long and prosper (possibly nose free) alien life form.

-Mike