Slashdot Mirror


New RedHat Kernel Patch Illegal to Explain to U.S. Users

Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."

24 of 885 comments

  1. An Idea by Derg · · Score: 5, Interesting
    To quote the article:
    Does this mean that all of the companies issuing security advisories are breaching the DMCA?


    Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)

    Just my $.02
    --
    I'm a little tea pot.
  2. DMCA is a success by javatips · · Score: 5, Interesting

    It really looks like the DMCA induces so much fear that people start to censor themselves.

    The media corporation must be really happy to see this.

    I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would its description be illegal?

    I believe that these guys try the wrong way to persuade others that the DMCA is bad.

  3. What about kernel source? by cr@ckwhore · · Score: 4, Interesting

    Ok, so Red Hat can't tell us what the patch is about... but from what I've read so far, I understand that it's regarding security, and therefore, informing me about the security problem is illegal under the DMCA, because "it could be used to circumvent a digital copyright mechanism". (the computer)

    But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Let's say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?

    I fucking hate the DMCA... what a stupid piece of shit. It impedes free speech, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.

    --
    Skiers and Riders -- http://www.snowjournal.com
  4. But whois thefreeworld.net? by ianweeks · · Score: 4, Interesting

    Registrant:
    Linux MM, c/o Conectiva Inc.
    R. Tocantins 89
    Cristo Rei
    80050430, Curitiba PR
    BR
    Created on: 07-AUG-01
    Expires on: 07-AUG-06
    Last Updated on: 07-AUG-01

    Administrative Contact:
    van Riel, Rik
    Linux MM, c/o Conectiva Inc.
    R. Tocantins 89
    Cristo Rei
    80050430, Curitiba PR
    BR
    +55 41 360 2600

  5. Need a Website by attobyte · · Score: 5, Interesting

    We need a website that shows all the people that voted yes for the DMCA. So it will be easy to vote this November.

    atto

    --
    I didn't use the preview button, so get over it!!!!

    Mike

  6. Re:It happened with full support of the REPUBLICAN by Anonymous Coward · · Score: 3, Interesting

    I must be in a different US than you, from my vantage point, there's no practical difference between Republicans and Democrats, only a difference in their rhetoric.

    It's like this:

    I walk up to you on the street and make you an offer. I'll give you a choice, do you want me to stab you in the right eye with a pencil, or the left eye. Make your choice, it's a free country! You too can make a difference!

  7. The gist... by KillerBob · · Score: 3, Interesting

    Thankfully, I'm in Canada and not bound by retarded US laws. /. is, though, so I'm not gonna post verbatim what the patch is.

    The gist of this security patch is to fix driver vulnerabilities. It fixes several of them, not one of them is exploitable by a remote user. They all require the hardware in question to be connected to exploit the driver vulnerability, and they all involve allowing people to write to kernel memory space. In other words... they could be used to nuke a linux box by a local user (why not just 3-finger salute, I know not), but the moment you reboot the problem is fixed anyway.

    --
    If you believe everything you read, you'd better not read. - Japanese proverb
  8. Missing the point? by Zocalo · · Score: 5, Interesting
    It seems to me that a lot of people seem to think that Red Hat is doing this because they are running scared of the DMCA. Couple of points here:

    Q. Which kernel hacker does Red Hat employ, outside of the US?
    A. Alan Cox.

    Q. Why won't Alan Cox visit the US because "the chances of his arrest are non-zero"?
    A. Use of the DMCA to indict Sklyarov.

    It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.

    The words "hoist", "own" and "petard" spring to mind. ;)

    --
    UNIX? They're not even circumcised! Savages!
  9. It is the *license* of the patch . . . by kfg · · Score: 3, Interesting

    that makes it illegal to release the information to US citizens. The patch code was written entirely by non US citizens outside of the US borders. In order to prevent the possible prosecution by the US government, à la Sklyarov, they released under license terms that forbid divulging information about it.

    *Redhat* is not the refuser here, they are simply bound by the terms of the author's *license.*

    Now, let's do a little deductive work here while we're about it, shall we?

    This isn't a "Linux" patch, it's a "Redhat" patch. And what *Redhat* kernel developer has already shown a propensity for making socio-political statements with the license terms of his kernel patches regarding the DMCA?

    Anyone care to go waaaaaaaaaay out on a limb and "guess" just who might have had a hand in this?

    I'll give you three guesses, but if you don't get it in one you haven't been paying attention.

    KFG

  10. The point, why is it illegal by Gerry+Gleason · · Score: 3, Interesting
    Yes, you can figure it out from the source, and I think the court would have a hard time if the description was part of the patch (i.e. a comment) to claim that the comment violated the DMCA.

    The point isn't even that anyone would be charged under the DMCA, but that under the language of the law, they could be. The underlying point is that disclosing security vulnerabilities and keeping current with their announcements are extremely common activities for any security professional doing his/her job.

    That said, the whole exercise seems a bit lame and the article more or less says that straight out after leading in with a bit of sarcasm. It's not even the dumbest part of this law, but that's another story already beaten to death on /.

  11. Re:Again? by jeffy124 · · Score: 5, Interesting

    yes, it did happen once. IIRC, he found (or was told of) a bug in filesystem permissions that allowed someone outside a uid/gid to gain access to a file.

    Cox didn't publish details (ie - what the bug was or how to exploit it) because he believed it violated DMCA - as somewhere out there someone could be using UNIX file permissions as a "copy protection device," and the details to exploit it would be "circumventing a copy protection scheme." IIRC, Cox is not a US citizen, but he has to travel to the US a lot, and didn't want to lose that ability by publishing the exploit.

    These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  12. Re:One day... by cr@ckwhore · · Score: 3, Interesting

    One of the falsehoods taught about US Government in our own schools is that it's a "democracy", when in fact, it isn't. The US Government is a "representative republic". We elect people to do our dirty work for us... there's no law that says our elected officials have to listen to us, but the pressure of re-election keeps 'em tuned in to the opinions and concerns of their constituents.

    So, when the election comes around in the near future, DON'T VOTE FOR ANYBODY CURRENTLY IN THE CONGRESS!! This is how we as a people communicate our discontent with the actions of our current Congress. Honestly, if we keep voting these same losers into the congress, but dislike the laws they make, then we're weak as a people and deserve to have our freedoms impounded for being complacent. Freedom is a privilege that requires maintenance.

    (First order of business, challenge the DMCA)

    --
    Skiers and Riders -- http://www.snowjournal.com
  13. Re:This is just FUD. No, necessary evil. by Havokmon · · Score: 5, Interesting
    There are enough problems with the DMCA that we don't need to make things up. If stories like this become commonplace, then lawmakers will soon ignore anyone who opposes the DMCA because they'll automatically assume they're acting on FUD and not the facts.

    Don't you know how the U.S. legal system works? Let me explain:

    If I spank my kid in public, the DA (District Attorney) will go back to my H.S. classmates and former employers and show that I generally disrespect authority, maybe was a bully, have a short temper, and that the incident was the latest in a string of inhumane behavior and child abuse that dates back at least 10 years.

    My defense attorney will argue that I was never disciplined for any such actions, never in a fight that is on record, and never visited by the local Social Worker (Except for our first child, which came before we were married - and is std procedure). I currently am active in my children's lives, have defied 'conventional wisdom' by marrying my 'HS sweetheart', having a kid before we were married, and staying married 8 years and having 2 more kids. S/He would also pull in a shrink to counter any past 'anger' issues due to the fact that my mom wasn't "all there".

    All for what really was a spanking. (No, this didn't happen to me, but WI has tried to jail teen fathers - who try to do the right thing and be a father - for rape. So it's not impossible.)

    The DMCA exists because lawmakers were convinced that the economy was going to fall because of piracy and free-flowing information. The only way to combat this in the U.S. is NOT by being rational - it's by meeting and exceeding the original irrational ideas, in an opposite way, that brought this beast into existence in the first place.

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
  14. DMCA? The beginning of the end... by paja · · Score: 3, Interesting

    I think DMCA is good example of how U. S. will lose its domination.

    By restricting anything which may compromise poorly designed products U. S. will slightly stop any significant research and development, so as Americans have to buy Japan electronics, they will have to buy encryption technology from Europe, communications equipment from Israel and software from Eastern Europe and Russia.

    More laws will emerge to prevent technology companies moving out, restricting U. S. citizens to work abroad. Canada will have to require visas from Americans, because they will seek asylum in there. British and Canadian controls will be set on American international airports to prevent asylum seekers to enter both countries. Amnesty International will be terminated and reopened in Paris.

    Military power will be supplied by foreign components and foes will know their weaknesses better than U. S. The more 9/11 will arrive and U. S. will try to respond with military actions. U. N. will become angry about it.

    Americans will still fly to space, but only to repair ISS or put in new communication equipment for Japan/Europe corporations. I am really looking forward to Intel HQ and R&D in Europe or Canada, while moving production plants to U. S., rather than Mexico, because of workforce price.

    Japan will legally buy Hawaii. Russia with Japan will be complaining about American fishermen overcoming legally agreed quotas on fish in northern Pacific.

    Networks of other countries will have the similar border with U. S. like China has with whole world - just because no one using any data transmission could not be sure if it will not be attacked by legal (in U. S.) attack at the network.

    Why? Because few people wanted to keep high margins on movies...

    --
    paja

  15. Re:Sound familiar? by larien · · Score: 3, Interesting
    OK, then, these "combat detainees" will presumably be released once hostilities have ended? Is any fighting actually still going on in Afghanistan? The US hasn't given any clear idea of what it plans to do with its prisoners/hostages/detainees in the long term. Until it does, I'm not going to give any benefit of the doubt to them. Also, I never stated what they were doing was illegal, but that doesn't mean to say I have to like their actions.

    "Incorrect Again". Hrm, the BBC disagrees. "The United Nations Security Council has voted unanimously to exempt US peacekeepers from prosecution by the new war crimes court".

    As for the UCMJ, yes, OK, soldiers could be tried under that. However, if an order comes from on high (e.g. a general, or even the president), is a trial really going to happen? I guess the examples of rape & pillage were bad, but what about orders to assassinate someone? Or napalm a village (not that the US has ever done that before...)?

    Republic/Democracy? Whatever. The fact is that the US tends to like to believe it's the home of democracy.

  16. Re:uh, GPL? by kfg · · Score: 3, Interesting

    You are incorrect. A *patch* for GPLed software may be released under any license the author desires. This is what allows proprietary binary only hardware support, as well as providing functionality for such software as might otherwise violate the DMCA, such as DVD players.

    The *patch* is the work of the author and has nothing to do with the code otherwise under the GPL. You're thinking along the MS lines that the GPL is somehow a "virus" that infects your proprietary code. Stop it.

    You also seem to be laboring under some sort of misconception that the GPL somehow can confer legality/illegality. It's perfectly possible to write GPLed code under one jurisdiction that may be illegal under another and thus may be freely distributable in, say, the US, but not in, say, China. Or in this case China, but not the US.

    The license has been posted here on /.

    Read it and think about it.

    KFG

  17. In Massachusetts the new law is null and void. So. by MrJerryNormandinSir · · Score: 3, Interesting

    Massachusetts rejected this crap. So, maybe all of us should follow suit. Redhat should ignore it, or use a Massachusetts based location to get it out.

  18. DMCA does not forbid reading/posting by definition by papasasha · · Score: 5, Interesting

    Chapter 12, section 1201 of the DMCA. "(c) Other Rights, Etc., Not Affected. - (4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products."

    You can talk about it. You can read it. You can even post it. Bob & Tom can read the Redhat patch description over the radio.

    This looks to be in direct conflict with b1, also in section 1201: "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - "

    U.S. congress is prohibited from passing the latter into law, it being in direct conflict with the first amendment. Remove the word 'technology' and it's probably okay. If 'technology' means descriptions as well as boxes with pretty lights and buttons.

    First amendment of the American constitution includes: "Congress shall make no law ... abridging the freedom of speech, or of the press ... "

    A Google search for "DMCA first amendment" and "bill of rights" will get you where you need to go if you think I've taken something out of context. Apologies for the length; brevity is not the soul of law. Legal experts, I'll be interested to hear why I've incorrectly interpreted this rare clear use of English in legislation.

  19. Re:Sound familiar? by JoeBuck · · Score: 5, Interesting

    Among the prisoners being held in Guantanamo are a dozen Kuwaitis. While some are likely to be bad guys, at least five appear to be there by mistake, apparently humanitarian workers trying to help with the Afghan refugee problem who got swept up in the dragnet.

    Now it's possible that they aren't telling the truth, but they are just sitting there rotting with no chance to make a case, not even to a military tribunal. The scariest quote in the article I link to above is

    So, are they guilty or innocent? And of what? The Defense Department says answering such questions is not what Guantanamo is about.

    There are supposed to be two categories of people that can be captured in war: a POW, or an illegal combatant. The former is entitled to the protections of the Geneva Convention, and the latter, as an accused criminal, is entitled to the rights of an accused criminal. Instead, a third category has been invented, or rather, copied from the South American generals of the 1970s: suspected "enemies of the state" who simply disappear.

  20. Re:HR 2281 (otherwise known as DMCA) details... by zeno_2 · · Score: 4, Interesting
    I'm still pretty sure that the DMCA was done by a voice vote, and the people who voted were not recorded...

    I found the dates that the DMCA was introduced and what not, and near the bottom it mentions that there was a voice vote. Now if this is the actual vote by the Senate on the bill or not, it's hard to say, as I don't understand it much, but I did not see any other links or anything that described a roll call, or any sort of formal vote..

    Here is where I was looking at.

  21. Re:I'd comment, but by MSG · · Score: 5, Interesting

    Despite the +5 Insightful rating, this post is completely wrong. The problem, as it was accurately described originally in the story, is that the patch fixes a problem that could be used to bypass "digital security - i.e. computer security".

    The DMCA made it illegal to discuss techniques that allowed users to bypass digital security, and because of the broad wording of the bill, it may be illegal to discuss such vulnerabilities at all. In this case, it is not because the author in question says you can't read the description of the problem; the DMCA says that he can't tell you what the problem is because you might then use that information to bypass security restrictions.

  22. Re:Security holes have NOTHING to do with the DMCA by ces · · Score: 3, Interesting

    This does actually go beyond Alan Cox making a point, he really does have to worry about releasing patches giving circumvention information in the US.

    Consider the following:

    Assume Microsoft Palladium has shipped.
    Assume a major remote exploit bug/hole allowing one to bypass the "trusted computing environment" is discovered in this new OS.
    Assume the steps required to reproduce the bug allow one to bypass the DRM built into the OS.
    If you posted either an exploit or a description of the bug you could be charged with violating the anti-circumvention section of the DMCA.

    Now assume someone has a "trusted computing" patch for linux that uses digital signatures for security. Remember this can also be used for DRM.
    Bug allowing trusted computing subsystem to be bypassed is found.
    Someone posts patch for this bug, by its very nature the patch contains enough information to exploit the hole.
    This also would be violating the anti-circumvention provisions of the DMCA.

    If you think perhaps this is an overly broad reading of the law and nobody would really ever be prosecuted for violating the DMCA in this way. Remember DAs who have decided a perp is evil and must be guilty of something will find something to nail you on. Usually a law with overly broad language that was aimed at an entirely different problem. Some favorites are RICO, federal wire-fraud statutes, tax evasion, anti-conspiracy statutes, computer crime laws, and coming soon to a courtroom near you the DMCA.

    --
    Happy Fun Ball is for external use only.
  23. Re:I'd comment, but by Fat+Casper · · Score: 3, Interesting
    Adobe is a clear villain. Anyone who does business with them has no business considering themselves to be moral.

    I would think that the Sklyarov case would be the ultimate example of what is wrong with the DMCA and the DOJ in general. Adobe did everyone (except Sklyarov himself) a huge favor by starting this mess. Forget about hypotheticals, drop the "this could become illegal"s. We've got a case that shows just how wrong this law is.

    Refusing to grant a visa is the best way the feds have to avoid committing an atrocity here. He'll be convicted in absentia, but they'll never ask for extradition- you can't request extradition for someone that you denied entry to.

    Washington gets their conviction without actually having to jail him- just some bureaucratic snafu over at State, you know. The DMCA is validated (?) by the conviction. Washington is spared the embarrassment of jailing him, and we still have this travesty to point to.

    Everyone wins except Sklyarov, and he gets to stop losing. The State Dept. turned him down for a visa, and he doesn't have to apply for another. He can't come to the US again, but I'd imagine he isn't so hot on that idea anyway.

    --
    I spent a year in Iraq looking for WMD and all I found was this lousy sig.
  24. Re:No! Read the DMCA! by Tom7 · · Score: 3, Interesting

    Yes, I live in the US. Do you have any examples?
    I'm claiming that this scenario would surely require more than just a misunderstanding of technology, but also a serious misunderstanding of the DMCA.

    In any case, the fact that technology is misunderstood in the courts is all the more reason to avoid being alarmist and confusing in how we (as people who DO understand technology) portray the DMCA. Do you think it helps anyone's understanding of technology for Cox to be claiming that security holes have something to do with technological measures for controlling access to copyrighted works?