Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264987AbUD2WHi (ORCPT ); Thu, 29 Apr 2004 18:07:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264989AbUD2WHi (ORCPT ); Thu, 29 Apr 2004 18:07:38 -0400 Received: from kinesis.swishmail.com ([209.10.110.86]:41990 "EHLO kinesis.swishmail.com") by vger.kernel.org with ESMTP id S264987AbUD2WHg (ORCPT ); Thu, 29 Apr 2004 18:07:36 -0400 Message-ID: <40917DBA.1080308@techsource.com> Date: Thu, 29 Apr 2004 18:12:10 -0400 From: Timothy Miller MIME-Version: 1.0 To: Marc Boucher CC: Rik van Riel , lkml - Kernel Mailing List , Rusty Russell , David Gibson Subject: Re: [PATCH] Blacklist binary-only modules lying about their license References: <40911C01.80609@techsource.com> <20040429213246.GA15988@valve.mbsi.ca> In-Reply-To: <20040429213246.GA15988@valve.mbsi.ca> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1768 Lines: 44 Marc Boucher wrote: > Giuliano Colla wrote: > >>Can you honestly tell apart the two cases, if you don't make a it a case of >>"religion war"? > > > On Thu, Apr 29, 2004 at 11:15:13AM -0400, Timothy Miller answered: > >>Firmware downloaded into a piece of hardware can't corrupt the kernel in the >>host. >> >>(Unless it's a bus master which writes to random memory, which might be >>possible, but there is hardware you can buy to watch PCI transactions.) > > > and unless it's a card with binary-only, proprietary BIOS code called at > runtime by the kernel, for example by the vesafb.c video driver, > which despite this has a MODULE_LICENSE("GPL"). > > Could someone explain why such execution of evil proprietary binary-only > code on the host CPU should not also "taint" the kernel? ;-) That's a good question, but the BIOS code you're talking about is not part of the kernel. Sure, it's possible that it might still corrupt the kernel, but it's not being loaded into it as a module. The developer of the BIOS code never intended for their code to be run by the Linux kernel. Is it still dangerous? Yes. Is it a violation of the GPL? No. Also, developers of modules which thunk to BIOS code are aware of the potential problems and are typically willing to take responsibility for investigating bugs in their own code. (Bugs in the BIOS means you're screwed and need to get new hardware.) Developers of proprietary drivers are notoriously unhelpful when it comes to fixing bugs in their code. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/