Slashdot Mirror
The Case For Full Disclosure In The Linux Changelog
titurel writes: "This article on SecurityFocus takes up some interesting thoughts about how Alan Cox's choice not to unveil securitychanges in the kernel changelog could affect other developers." And Jon Lasser is no security dummy -- Along with Jay Beale, he's one of the guys behind Bastille Linux, and the author of the excellent Think Unix.
i mean, aside from the whole DMCA can of worms, it may help hackers, but if its "secure" in the first place after these changes are put in place. My understanding is that if the attackers know what the changes are, it ought to be irreivant, as they ought not to be able to gain access. This is more like another "security through obscurity" trick, than anything.
Life is like a box of chocolates, you never know when your gonna get food poisoning.
Dude. One of the worst aspects of the DMCA is that it makes violation a federal crime. No lawsuit is required.
Of course, it is a content protection system. The file permissions protect the content of certain files to be read by certain users.
So if you have a copyright protected file on your Linux server and only members of the animator group have permission to access it and then some guest or visitor has an account on that server and uses the information in the kernel changelog to get to that file, copy it and distribute it on the net, you have
a copyright violation case with the breaking of a content protection system covered under the DMCA.
And guess whose fault is was for publishing the
information in the changelog.
Next time Alan Cox comes to the US, he is arrested
and prosecuted under the DMCA.
As ridiculous as the example is, it is possible.
***Quis custodiet ipsos custodes***
This is only being restricted to the US. The rest of us all have this information.
If you really want to see it, click here:
kernel-2.2.20.log
kernel-2.2.20pre11.log
I'm sure Alan knows that people will do this, he'd probably rather stay away from it and make the moral point to US law. Ironic since in an earlier post in another topic the US-posters were praising their First Amendment.
There are problems with this line of reasoning, as I will attempt to describe.
Yes, we could all just diff the code, and we could even set up a secondary website(s) to discuss the impact of the changes we find. However, this is a very inefficient mode of operation when it comes to something as critical as security.
Your comment about "helping the script kiddies" is disturbing in that it sounds way too close to Microsoft's "plea to the security community". That's just no good; I want to see the full details of other peoples' reasoning on these things so I'll be better able to intelligently digest and evaluate the information myself. I'm not an outstanding C coder (although I do a lot of Perl and C), so I could easily miss important things.
The other trouble with this is that since this deals with open source software, the "user" has the immediate option of contributing in a meaningful way to the project. Unlike traditional "closed source" models, the average user (at least currently) of high security impact open source software is likely to have a few more than average clues on security topics.
If you make it harder for these people (read: us) to get at the requisite information, you're not only putting security at risk; you're also defeating a large part of the open source / free software philosophy. Nowhere in the GPL or any other similar license that I'm aware of does it say that changelogs are subject to geographic censorship. Now, IANAL, but I also don't think the DMCA really has anything to do with this, from my following of other threads here related to all that mess.
Just my thoughts, nothing more. Thank you.
Whether full disclosure is good or bad in general is a completely different question and not much related to the question whether it is legal or illegal in the U.S. now.
Remember, the DMCA covers encryption on copyrighted works.
People keep repeating this, where does it come from? The DMCA is not specifically about encryption. It is about technological measures that effectively control access to copyrighted works. Based on court cases so far we can safely say that encryption appears to count as one such technological measure, but that doesn't suddenly mean that it's the only measure. If it was meant to apply specifically to encryption then I think the language used would be very different.
Linux is technological, even if you don't like the particular techonology. Linux is used to control access to copyrighted works, including text files, programs, music, graphics, whatever. It isn't difficult to conclude that the security measures in Linux are technological measures that effectively control access to copyrighted works.
That doesn't mean I'm convinced that posting this particular information would be contrary to the DMCA, I'm really not sure, but that has nothing to do with whether or not encryption is involved, which is a complete red herring.
I believe the suggested exchange would go something like this:
Now, while you may be eager to spend several years in Jail, Mr. Cox is not.
Point being, a couple of days ago there was an article linked there to Newsforge with an interview with Alan Cox about his views on the DMCA and these changelogs.
For the lazy, the essential point is that AC has gotten legal advice that he very well could be charged in the US for posting the vulnerabilities based on an interpretation of the DMCA, but that no "sane" US court would convict him. However, he does not want to spend 6 months in the US to go through the process.
So, basically, he's making a political point about stupid laws. He's welcome to if that what he wants. As others have said, it's not like most people interested in kernel changes can't use diff.
Glenn
The DMCA cannot only applied in civil litigation; it can also be applied in a criminal prosecution. Case in point: Dmitry Sklyarov.
Dmitry was arrested by the FBI based on a "tip" they received from Adobe. Adobe withdrew their complaint, but that didn't stop the FBI. The FBI concluded that criminal law was being violated, and that Dmitry should be prosecuted.
If all it takes is one relatively credible tipster to cause the arrest of Cox for violating the DMCA, then Cox's actions seem perfectly reasonable. If he were to visit the United States, he'd like to go home when he's done.
My car gets 40 rods to the hogshead, and that's the way I likes it!
Not a law student, I take it. If Alan makes information available across the Internet to Americans, that violates a US law, Alan has violated US law and can be arrested when he enters the country. To take a less ephemeral example, imagine if a Colombian mails you a package of cocaine and puts his name and return address on the package. You don't think he could be arrested on entry to the US? By your logic, Osama bin Laden could not be arrested if he flew into JFK tomorrow, because he has never personally committed a crime on US soil.
The federal goverment does not actively seek out violators of the DMCA without a "victim" bringing the violation to their attention.
Do you think Sklyarov knew that his "victims" had filed a complaint against him, before he was arrested? How is Alan going to know when it is or isn't safe to travel to the US? Tivo might decide to bring a complaint because Alan has enabled people to more easily crack their boxes, for example. Linux has far wider scope, and many more applications, than anything Sklyarov ever did.
This business of having draconian laws which are enforced at the authorities discretion is very dangerous. It restricts freedom in all sorts of ways, and often results in people restricting their own freedoms, and those of others - as Alan has done - in order to "play it safe". Laws like this take away basic freedoms in an insidious, indirect way that would never be possible if done directly.
If you're saying that you support the DMCA as written, then I suppose we have a total different argument which we haven't even begun to address. But if you don't support the DMCA, you should respect Alan Cox's right to respond to it.
Alan Cox is doing more for freedom in America than you have ever done. Think about that the next time you criticize.
Here's the full uncensored changelog for Linux 2.2.20:
/proc bug and OF fb name size bug (Segher Boessenkool)
2.2.20 final
o Final fixes for the computone driver (Michael Warfield)
2.2.20pre12
o Update davicom driver to fix oopses (Sten Wang)
o Updated PC300 driver - fix SCA-II DMA bugs
(Daniela P. R. Magri Squassoni)
o Make syn cookies per socket (Andi Kleen)
o Computone driver fixes for fast PC's (Michael Warfield)
| Follow on devfs patches didnt apply so dropped
o DAC960 update (Leonard Zubkoff)
2.2.20pre11
o Security fixes
- Quota buffer overrun , possibly locally (Solar Designer)
exploitable
- Ptrace race - local root exploit (Rafal Wojtczuk,
- Symlink local denial of service attack Solar Designer,
fix Linus Torvalds)
- Sparc exec fixups (Solar Designer)
o Sparc updates (Dave Miller)
o Add escaped usb hot plug config item (Ryan Maple)
o Fix eepro10 driver problems (Aris)
o Make request_module return match 2.4 (David Woodhouse)
o Update SiS900 driver (Hui-Fen Hsu)
o Update ver_linux to match 2.4 (Steven Cole)
o Final isdn fixups for 2.2 (Kai Germaschewski)
o scsi tape fixes from 2.4 (Kai Mäkisara)
o Update credits entry (Henrik Storner)
o Fix scc driver hang case (Jeroen)
o Update credits entry (Dave Jones)
o Update FAT documentation (Hirokazu Nomoto)
o Small net tweaks (Dave Miller)
o Fix cs89xx abuse of skb->len (Kapr Johnik)
2.2.20pre10
o Update the gdth driver (Achim Leubner)
o Fix prelink elf loading in 2.2 (Jakub Jelinek)
o 2.2 lockd fixes when talking to HP/UX (Trond Myklebust)
o 3ware driver update (Adam Radford)
o hysdn driver update (Kai Germaschewski)
o Backport via rhine fixes (Dennis Bjorklund)
o NFS client fixes (Trond Myklebust, Ion Badulescu,
Jim Castleberry, Crag I Hagan.
Adrian Drzewiecki)
o Blacklist TEAC PD-1 to single lun (Wojtek Pilorz)
o Fix null request_mode return (David Woodhouse)
o Update credits entry (Fernando Fuganti)
o Fix sparc build with newer binutils (Andreas Jaeger)
o Starfire update (Ion Badulescu)
o Remove dead USB files (Greg Kroah-Hartmann)
o Fix isdn mppp crash case (Kai Germaschewski)
o Fix eicon driver (Kai Germaschewski)
o More pci idents (Andreas Tobler)
o Typo fix (Eli Carter)
o Remove ^M's from some data files (Greg Kroah-Hartmann)
o 64bit cleanups for isdn (Kai Germaschewski)
o Update isdn certificates (Kai Germaschewski)
o Mac update for sysrq (Ben Herrenschmidt)
2.2.20pre9
o Document ip_always_defrag in proc.txt (Brett Eldrige)
o Update S/390 asm for newer gcc (Ulrich Weigand
o Update S/390 documentation Carsten Otte
o Update s390 dump too and co)
o Update s/390 dasd to match 2.4
o Backport s/390 tape driver from 2.4
o FDDI bits for s/390
o Updates for newer pmac laptops (Tom Rini)
o AMD760MP support (Johannes Erdfelt)
o Fix PPC oops on media change (Tom Rini)
o Fix some weird but valid input combinations (Tom Rini)
on PPC
o Add additional checks to irc dcc masquerade (Juanjo Ciarlante,
Michal Zalewski)
o Update 2.2 ISDN maintainer (Kai Germaschewski)
o Fix 3c505 with > 16Mb of RAM (Paul)
o Bring USB into sync with 2.4.7 (Greg Kroah-Hartmann)
2.2.20pre8
o Merge DRM fixes from 2.4.7 tree (me)
o Merge sbpcd fixes from 2.4.7 tree
o Merge moxa buffer length check
o Merge bttv clip length check
o Merge aha2920 shared irq from 2.4.7 tree
o Merge MTWEOF fix from 2.4.6 tree
o Merge serverworks AGP from 2.4.6 tree
o Merge sbc60xxx watchdog fixes from 2.4.6
o Merge lapbether fixes from 2.4.6
o Merge bpqether fixes from 2.4.6
o Merge scc fixes from 2.4.6
o Merge lmc memory leak fixes from 2.4.6
o Merge sm_wss fixes from 2.4.6
o Resync AGP support with 2.4.6
o Merge epca fixes from 2.4.5
o Merge riscom8 fixes from 2.4.5
o Merge softdog fixes from 2.4.5
o Merge specialix fixes from 2.4.5
o Merge wdt/wdt_pci fixes from 2.4.5
o ISDN cisco hdlc fixes (Kai Germaschewski)
o ISDN timer fixes (Kai Germaschewski)
o isdn minor control change backport (Kai Germaschewski)
o Backport ELCR MP 1.1 config/PCI routing stuff (John William)
o Backport isdn ppp fixes from 2.4 (Kai Germaschewski)
o Backport isdn_tty fixes from 2.4 (Kai Germaschewski)
o eicon cleanups (Armin Schindler)
| Armin can you double check the clashes were ok
o Fix an ntfs oops (Anton Altaparmakov)
o Fix arp null neighbour buglet (Dave Miller)
o Update sparc version strings, pci fixups (Dave Miller)
o Define CONFIG_X86 in 2.2 as well as 2.4 (Herbert Xu)
o Configure.help cleanups (Steven Cole)
o Add MODE_SELECT_10 to qlogic fc table (Jeff Andre)
o Remove dead oldproc variable (Dave Miller)
o Update starfire driver for 2.2 (Ion Badulescu)
o 8139too driver update (Jens David)
o Assorted race fixes for binfmt loaders (Al Viro)
o Update Alpha support for older boxes (Jay Estabrook)
o ISDN bsdcomp/ppp compression fixes (Kai Germaschewski)
2.2.20pre7
o Merge rose buffer management fixes (Jean-Paul Roubelat)
o Configure.help updates (Steven Cole)
o Add Steven Cole to credits (Steven Cole)
o Update kbuild list info (Michael Chastain)
o Fix slab.c doc typo (Piotr Kasprzyk)
o Lengthen parport probe timeout (Jean-Luc Coulon)
o Fix vm86 cleanup (Stas Sergeev)
o Fix 8139too build bug (Jürgen Zimmermann)
o Fix slow 8139too performance (Oleg Makarenko)
o Sparc64 exec fixes (Solar Designer)
2.2.20pre6
o Merge all the pending ISDN updates (Kai Germaschewski)
| These are sizable changes and want a good testing
o Fix sg deadlock bug as per 2.4 (Douglas Gilbert)
o Count socket/pipe in quota inode use (Paul Menage)
o Fix some missing configuration help texts (Steven Cole)
o Fix Rik van Riel's credits entry (Rik van Riel)
o Mark xtime as volatile in extern definition (various people)
o Fix open error return checks (Andries Brouwer)
2.2.20pre5
o Fix a patch generation error, replaces 2.2.20pre4 which is
wrong on ad1848
2.2.20pre4
o Fix small corruption bug in 82596 (Andries Brouwer)
o Fix usb printer probing (Pete Zaitcev)
o Fix swapon/procfs race (Paul Menage)
o Handle ide dma bug in the CS5530 (Mark Lord)
o Backport 2.4 ipv6 neighbour discovery changes (Dave Miller)
o FIx sock_wmalloc error handling (Dave Miller)
o Enter quickack mode for out of window TCP data (Andi Kleen)
o Fix Established v SYN-ACK TCP state error (Alexey Kuznetsov)
o Sparc updates, ptrace changes etc (Dave Miller)
o Fix wrong printk in vdolive masq (Keitaro Yosimura)
o Fix core dump handling bugs in 2.2 (Al Viro)
o Update hdlc and synclink drivers (Paul Fulghum)
o Update netlink help texts (Magnus Damm)
o Fix rtl8139 keeping files open (Andrew Morton)
o Further sk98 driver updates. fix wrong license (Mirko Lindner)
text in files
o Jonathan Woithe has moved (Jonathan Woithe)
o Update cpqarray driver (Charles White)
o Update cciss driver (Charles White)
o Don't delete directories on an fs that reports (Ingo Oeser)
then 0 size when doing distclean
o Add support for the 2.4 boot extensions to 2.2 (H Peter Anvin)
o Fix nfs cache locking corruption on SMP (Craig Hagan)
o Add missing check to cdrom readaudio ioctl (Jani Jaakkola)
o Fix refclock build with newer gcc (Jari Ruusu)
o koi8-r fixes (Andy Rysin)
o Spelling fixes for documentation (Andries Brouwer)
2.2.20pre3
o FPU/ptrace corruption fixes (Victor Zandy)
o Resync belkin usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync digiport usb serial with 2.4 (Greg Kroah-Hartmann)
o Rsync empeg usb serial with 2.4 (Greg Kroah-Hartmann)
o Resync ftdi_sio against 2.4 (Greg Kroah-Hartmann)
o Bring keyscan usb back into line with 2.4 (Greg Kroah-Hartmann)
o Resync keyspan_pda usb with 2.4 (Greg Kroah-Hartmann)
o Resync omninet usb with 2.4.5 (Greg Kroah-Hartmann)
o Resync usb-serial driver with 2.4.5 (Greg Kroah-Hartmann)
o Resync visor usb driver with 2.4.5 (Greg Kroah-Hartmann)
o Rsync whiteheat driver with 2.4.5 (Greg Kroah-Hartmann)
o Add edgeport USB serial (Greg Kroah-Hartmann)
o Add mct_u232 USB serial (Greg Kroah-Hartmann)
o Update usb storage device list (Stas Bekman, Kaz Sasayma)
o Bring usb acm driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring bluetooth driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring dabusb driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring usb dc2xx driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring mdc800 usb driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring rio driver into line with 2.4.5 (Greg Kroah-Hartmann)
o Bring USB scanner drivers into line with 2.4.5 (Greg Kroah-Hartmann)
o Update ov511 driver to match 2.4.5 (Greg Kroah-Hartmann)
o Update PCIIOC ioctls (esp for sparc) (Dave Miller)
o General sparc bugfixes (Dave Miller)
o Fix possible oops in fbmem ioctls (Dave Miller)
o Fix reboot/halt bug on "Alcor" Alpha boxes (Tom Vier)
o Update osst driver (Willem Riede)
o Fix syncppp negotiation bug (Bob Dunlop)
o SMBfs bug fixes from 2.4 series (Urban Widmark)
o 3ware IDE raid driver updates (Adam Radford)
o Fix incorrect use of bitops on non long types (Dave Miller)
o Fix reboot/halt bug on 'Miata' Alpha boxes (Tom Vier)
o Update Tim Waugh's contact info (Tim Waugh)
o Add TIOCGSERIAL to sun serial on PCI sparc32 (Lars Kellogg-Stedman)
o ov511 check user data more carefully (Marc McClelland)
o Fix netif_wake_queue compatibility macro (Andi Kleen)
2.2.20pre2
o Fix ip_decrease_ttl as per 2.4 (Dave Miller)
o Fix tcp retransmit state bug (Alexey Kuznetsov)
o Fix a few obscure sparc tree bugs (Dave Miller)
o Fix fb
o Fix complie with CONFIG_INTEL_RNG=y (Andrzej Krzysztofowicz)
o Fix rio driver when HZ!=100 (Andrzej Krzysztofowicz)
o Stop 3c509 grabbing other EISA boards (Andrzej Krzysztofowicz)
o Remove surplus defines for root= names (Andrzej Krzysztofowicz)
o Revert pre1 APIC change
2.2.20pre1
o Fix SMP deadlock in NFS (Trond Myklebust)
o Fix missing printk in bluesmoke handler (me)
o Fix sparc64 nfs (Dave Miller)
o Update io_apic code to avoid breaking dual (Johannes Erdfelt)
Athlon 760MP
o Fix includes bugs in toshiba driver (Justin Keene,
Greg Kroah-Hartmann)
o Fix wanpipe cross compile (Phil Blundell)
o AGPGART copy_from_user fix (Dawson Engler)
o Fix alpha resource setup error (Allan Frank)
o Eicon driver updates (Armind Schindler)
o PC300 driver update (Daniela Squassoni)
o Show lock owner on flocks (Jim Mintha)
o Update cciss driver to 1.0.3 (Charles White)
o Backport cciss/cpqarray security fixes (me)
o Update i810 random number generator (Jeff Garzik)
o Update sk98 driver (Mirko Lindner)
o Update sis900 ethernet driver (Hui-Fen Hsu)
o Fix checklist glitch in make menuconfig (Moritz Schulte)
o Update synclink driver (Paul Fulghum)
o Update advansys scsi driver (Bob Frey)
o Ver_linux fixes for 2.2 (Steven Cole)
o Bring 2.2 back into line with the master ISDN (Kai Germaschewski)
o Whiteheat usb driver update (Greg Kroah-Hartmann)
o Fix via_rhine byte counters (Adam Lackorzynski)
o Fix modem control on rio serial (Rogier Wolff)
o Add more Iomega Zip to the usb storage list (Wim Coekaerts)
o Add ZF Micro watchdog (Fernando Fuganti)
That's an interesting scenario, but I believe the content needs to be protected by the creator, not a user.
And nobody using Linux ever creates any valuable, original content? Gosh, an author writing his new bestselling novel on a multi-user Linux system may be surprised to hear that. So might the programmers of the "next big thing" who are also writing their new whiz-bang software on Linux systems and collaborating over the Internet.
If you're a zombie and you know it, bite your friend!
Am I wrong?Yes, you're wrong.
Mr. Cox has consulted a lawyer (always a good idea when you are unsure of how a law might affect your activities) and has been advised that there is a greater-than-zero chance that he might be open to arrest and imprisonment if he travels to the US after publishing an "uncensored" changelog. Mr. Cox therefore chooses to avoid that greater-than-zero chance and protect his ability to travel to the US as he wishes to.
It's not a joke. It's sounds silly, but it's not a joke. Unfortunate indeed, but no joke.
If you're a zombie and you know it, bite your friend!