Learn about Linux
Download Linux
Get Linux helpSpecial Offers
Feature: Linux
Tainted love: proprietary drivers and the Linux kernel
By Joe Barr
on
April 28, 2004 (8:00:00 AM)
Share
Print
Comments
As reported on Slashdot and elsewhere, Linux kernel hackers have discovered that some proprietary modules running on the Linux kernel have been "lying" about their licensing. Doing so allows those modules to pass the automated license test done when they are loaded and thus escape the "tainted kernel" messages the loader would otherwise produce. NewsForge has gone behind the scenes and spoken to Linus Torvalds and the CEO of one of the firms providing proprietary modules for Linux to learn more about this story.
We queried Marc Boucher, president of Linuxant, Inc., by email yesterday, asking if it were true that their proprietary Linux drivers were "lying" to the load module by including an "end of string" sequence after the word "GPL" in the binary code. Marc told us "The \0 is a technical workaround to prevent a slew of redundant and confusing messages appearing on the console when our modem driver modules are loaded." Marc also pointed us to an email he had posted to the Linux Kernel Mailing List, in which he explains that some source code is provided for their Linux drivers.
In that same email, Marc went on to explain "Unfortunately Linuxant cannot release the source for the proprietary portions of the Conexant HCF and HSF softmodem drivers, because it does not own these parts and the terms under which they have been licensed from Conexant prohibit it." He added that " We have tried to attenuate the inconvenience of these restrictions by isolating the proprietary code and releasing source for all operating-system specific code, so that people can rebuild the modules for any kernel."
We asked Marc if he felt this situation would be played out in a way which would keep everyone happy and allow Linuxant to continue to provide Linux users with drivers they would otherwise not have. He told us "Hopefully yes. The political situation is not easy but we will continue to work hard to find reasonable compromises that both proprietary & free sides, (and especially the average Linux user) can live and be happy with, and keep delivering badly needed drivers / hardware support that would otherwise be missing for Linux.
Why the tainted label?
Speaking of Linux users and the free software side of the issue, we emailed Linus Torvalds and asked what should happen when a proprietary driver is loaded in Linux. He replied:
Nothing much.The code sets a "tainted" flag, which will affect all subsequent kernel fault reports, so that developers will know that the system had been using a binary-only module (this was brought on by the fact that a _lot_ of time has been wasted trying to debug problems which later turned out to be triggered by binary kernel modules. The most common of which has been the nvidia 3d-acceleration driver, which has one).
There are some internal kernel interfaces that aren't exported to non-GPL modules, but they are _really_ internal, ie no normal module should need them.
We also asked Linus what users should do if they see the "tainted" message appear as a module is loaded. He replied:
Nothing. It's a warning that kernel developers probably won't care much about problems reported that happen afterwards, and that if you have any kernel issues, you should see if they go away by _not_ using the binary module, but there is really no action otherwise needed.
Comments
on Tainted love: proprietary drivers and the Linux kernelNote: Comments are owned by the poster. We are not responsible for their content.
Since when did blatant lying become a "technical workaround?" These @$$holes ought to have their crap blocked from working in the kernel.
They don't outright lie, but they certainly are trying to be "sneaky" with it.
I would have a lot more respect for him if the guy would have said, "We tried a trick to stop the taint messages and got caught. Sorry. It won't happen again."
I would have a lot more respect for him if the guy would have said, "We tried a trick to stop the taint messages and got caught. Sorry. It won't happen again."
They tell the kernel that their stuff is GPL, and it is not. That's lying.
Aren't they the company that started asking ~ $15 for their 56k modem driver that had always been freely downloadable (as a proprietary binary) before that time, and out of their good heart kept its 14k4 counterpart free? I remember that sympathetic move made laugh hard once, junk all their drivers, and switch to ADSL the next day. Never regretted that.
BJ
BJ
Since when? How about when the first VGA-compatible graphics cards for the PC came out, and had to include the string "IBM" in their BIOS because certain DOS programs used that string (which was part of the IBM copyright statement) to detect whether a VGA was present.
Uh, just what in the crap does that have to do with this?
I just want to add my few cents- because you know, it really matters. Oh, and those tainted love lyrics were quite nice. Thank you.
When you don't tell the truth, it's called lying. When you withhold the truth, it's called lying. When you hide the truth, it's called lying.
You don't have to be a benedictine monk to figure this out. They are putting proprietary crap into the kernel source and hiding it. Not much more to say, other than get the Fuck out.
When you don't tell the truth, it's called lying. When you withhold the truth, it's called lying. When you hide the truth, it's called lying.
You don't have to be a benedictine monk to figure this out. They are putting proprietary crap into the kernel source and hiding it. Not much more to say, other than get the Fuck out.
Re:Umm.. Is Clinton making binary kernel drivers?
Posted by: Anonymous Coward on May 02, 2004 12:33 PM
Shouldn't the subject title here really be "Is Bush making binary kernel drivers?"? Not that I really think that he is anywhere near intelligent enough to do that... My point here is: Who's lies have actually caused damage? That blowjob didn't hurt anybody.
"The \0 is a technical workaround to prevent a slew of redundant and confusing messages appearing on the console when our modem driver modules are loaded."
In other words:
"The \0 is an attempt to pacify Linux users into thinking we are good community members. We think the Linux user community isn't mature enough to live with proprietary drivers. We think they are dumb enough to fall for it and leave us alone. We also don't want to have to take support calls based on the messages that print when the driver is loaded. We want the Linux community to debug and diagnose any bugs that may be revealed in our proprietary driver so we don't have to pay any staff to do it. We are lazy, penny-pinching, sleazy business people trying to keep our costs down through dishonest methods. We are surprised that the Linux community discovered what we did and think this lame explaination will fool them into accepting our sleazy action."
In other words:
"The \0 is an attempt to pacify Linux users into thinking we are good community members. We think the Linux user community isn't mature enough to live with proprietary drivers. We think they are dumb enough to fall for it and leave us alone. We also don't want to have to take support calls based on the messages that print when the driver is loaded. We want the Linux community to debug and diagnose any bugs that may be revealed in our proprietary driver so we don't have to pay any staff to do it. We are lazy, penny-pinching, sleazy business people trying to keep our costs down through dishonest methods. We are surprised that the Linux community discovered what we did and think this lame explaination will fool them into accepting our sleazy action."
does anybody know whether they ytried this trick from the beginning or employed it later as a reaction to user complaints (i can imagine that some users who are naive enough to buy computers with components that require binary only drivers would start to panick upon seeing the "tainted kernel" message)?
anyway, they would have been well advised to put a prominent message in the README file which explained what was going on.
Problem is that people who dont uderstend the tainted module message and panic when they see one usualy dont read the readme's.
That said i still dont think it was fair or honest of them to use "tehnical workaronds".
That said i still dont think it was fair or honest of them to use "tehnical workaronds".
"The political situation is not easy but we will continue to work hard to find reasonable compromises that both proprietary & free sides, (and especially the average Linux user) can live and be happy with,..."
Remove the \0 and let the tanted messages print. The driver will still work. Linux will still work. The user is still happy. Your standing in the Linux community is patched. Done.
It's not hard work. Find the line in the code, hit the delete key twice, recompile. That's not hard!
Oh, one more step: APOLOGIZE!
Remove the \0 and let the tanted messages print. The driver will still work. Linux will still work. The user is still happy. Your standing in the Linux community is patched. Done.
It's not hard work. Find the line in the code, hit the delete key twice, recompile. That's not hard!
Oh, one more step: APOLOGIZE!
> "reasonable compromises"
Yep, screw this "reasonable compromises" bullcrap, the only compromising that needs to be done is for them to quit lying to Linux and follow the same rules everyone else has to follow, or write their own kernel that they can set the rules for. Or here's a "reasonable compromise" for them: they straighten their crap out, and their stuff doesn't get blocked from working in the kernel, they don't get sued, and people quit hating them.
Yep, screw this "reasonable compromises" bullcrap, the only compromising that needs to be done is for them to quit lying to Linux and follow the same rules everyone else has to follow, or write their own kernel that they can set the rules for. Or here's a "reasonable compromise" for them: they straighten their crap out, and their stuff doesn't get blocked from working in the kernel, they don't get sued, and people quit hating them.
And here's a reasonable compromise that makes everyone happy; amend modprobe so that the taint message only appears once, and it can be used to probe their sequence of modules as they wish to. Then put the proper licence back.
How's that a "reasonable compromise?" The rules are what they are; if they don't like them, they can get out or try to get them changed, not subvert them and make everyone cater to you. This is all the same reason you don't negotiate with terrorists or even petty criminals. Don't like the law? Tough. Try getting it changed, because while it's the law you're in trouble if you break it.
I really would pay to see their code...I am still laughing at the response..oh man.
I am not a kernel hacker, but I would bet a zillion $$$ that anything that causes error messages from code without the '\0' could have been fixed another way. More probably their closed source module uses so much stuff from the (GPL) kernel that it won't work otherwise.
So how did they figure out the "culprit" was actually the GPL checking code in the kernel? What a liar!
Anyone willing to reverse engineer this stuff just to see how true his words are?
I am not a kernel hacker, but I would bet a zillion $$$ that anything that causes error messages from code without the '\0' could have been fixed another way. More probably their closed source module uses so much stuff from the (GPL) kernel that it won't work otherwise.
So how did they figure out the "culprit" was actually the GPL checking code in the kernel? What a liar!
Anyone willing to reverse engineer this stuff just to see how true his words are?
They're the company that started asking ~ $15 for their 56k modem driver that had always been freely downloadable (as a proprietary binary) before that time, and out of their good heart kept its 14k4 counterpart free.
I remember that sympathetic move made laugh hard once, junk all their drivers, and switch to ADSL the next day.
Never regretted that.
BJ
I remember that sympathetic move made laugh hard once, junk all their drivers, and switch to ADSL the next day.
Never regretted that.
BJ
I decided to boycott conexant because of this,
by advicing clients & others to make sure they
do not buy their products.
by advicing clients & others to make sure they
do not buy their products.
Since device drivers have more priveleges than other code, making a reasonable proprietary device driver that claims to be GPL would seem to be a good way to insert a back door into linux. You wouldn't have to get the kernel team to approve it, just get some naieve user to install it. Then claim that Linux is inherently insecure.
Maybe the kernel should be fixed to treat all device drivers as untrusted software, Most of them can be compiled as modules anyway, so if the driver is simply a user space device that has only been granted permission to use the hardware addresses that it needs to do its job, that might help minimize the damage it can do. In fact, It could be put in a very tight sandbox so that if it needed access to another device driver, or any other part of the system it would have to have explicit permission to do that.
All this wouldn't make it impossible to use proprietary device drivers as back doors, but it would sure make it more difficult.
Further, the things that the driver needs permission to access should NOT be arranged as a system call by the module, but rather as a text table built into the module that the kernel reads when it loads the module, and before it executes any code in the module. This would make it possible to read the requirements by simply by typing cat \modulename\, and would make it impossible for the device driver to lie about the resources that it needs.
Maybe the kernel should be fixed to treat all device drivers as untrusted software, Most of them can be compiled as modules anyway, so if the driver is simply a user space device that has only been granted permission to use the hardware addresses that it needs to do its job, that might help minimize the damage it can do. In fact, It could be put in a very tight sandbox so that if it needed access to another device driver, or any other part of the system it would have to have explicit permission to do that.
All this wouldn't make it impossible to use proprietary device drivers as back doors, but it would sure make it more difficult.
Further, the things that the driver needs permission to access should NOT be arranged as a system call by the module, but rather as a text table built into the module that the kernel reads when it loads the module, and before it executes any code in the module. This would make it possible to read the requirements by simply by typing cat \modulename\, and would make it impossible for the device driver to lie about the resources that it needs.
LOL @ Title!
Posted by: Anonymous Coward on April 29, 2004 02:12 AMSometimes I feel I've got to
Run away I've got to
Get away
From the pain that you drive into the heart of me
The love we share
Seems to go nowhere
And I've lost my light
For I toss and turn I can't sleep at night
(chorus)
Once I ran to you (I ran)
Now I'll run from you
This tainted love you've given
I give you all my company could give you
Take my tears and that's not nearly all
Oh...tainted love
Tainted love
Now I know I've got to
Run away I've got to
Get away
You don't really want IT any more from me
To make things right
You need someone to hold you tight
And you'll think love is to pray
But I'm sorry I don't pray that way
(chorus...)
GPL, don't touch me please
I cannot stand the way you tease
I love you though you hurt me so
Now I'm going to pack my things and go
Tainted love, tainted love (x2)
Touch me baby, tainted love (x2)
Tainted love (x3)
(Original at http://www.leoslyrics.com/listlyrics.php?id=1823)
#