FYI, I believe it is the kernel itself that interprets the #!(interpreter)\n at the start of a file, not the shell.
But anyway... I don't think you can constrain root with chroot(2) anyway. root can mknod(2) himself a device file and access your filesystems directly if he wants. Or he can do the same for one of the mem(4) devices. Or call ioperm(2) and talk to hardware devices with iopl(2). There are probably dozens of other methods to escape from such a 'jail'.
One way to overcome the problem is to not use su or sudo. In a secure system it should never be possible for a process to increase its privilige level.
But remember, secure systems are a pain in the arse to use.
Well, obviously NVIDIA contests the generally-agreed-upon idea that nvidia.ko is a derivative work of the Linux kernel.
They probably think that the only portions of Linux that they use are the kernel headers. Are headers copyrightable? They do not contain any software code, merely interface definitions; they are mere facts, not creative works.
Are NVIDIA correct? Well, the authors of Linux have yet to disagree with them...
Food for thought: consider these three commands, given that nvidia.o is NVIDIA's binary blob and foo.o is compiled from foo.c + the Linux kernel headers:
tar -cf nvidia.tar foo.o nvidia.o
ar nvidia.a foo.o nvidia.o
gcc -o nvidia.ko foo.o nvidia.o
What is the difference between them? Which are "mere aggregation" and which create a derived work, and why?
I don't deny it*--I was trying to take a dispassionate look at the long term effects, as I believe we must also do when considering whether globalisation benefits or harms us and others, at personal, national and global levels.
(I also agree that comparing workers in poor working conditions to slavery is a ridiculous appeal to emotion)
* of course many (most?) slaves were already such before they were sent along that longest leg of the Golden Triangle; captives taken in tribal wars, sold into slavery by their enemies/neighbours.
That's because it's not the job of the legal system to punish companies for making crap products and providing crap services. It is the job of the consumer.
If a company continues to make a profit while providing crap products and services then I guess they're not so crap after all, eh? And if they don't, they will improve their products and services, or go bust.
At least, that's the theory. I wouldn't care to guess how long it will take for the system to come back into balance.
So the 10 year old kids are better off starving because there is no work available for them? To put it another way, how can there be labour protection when there is no labour?
As more companies compete over the same work force, they will offer higher wages and better labour protection. This will not happen overnight, just as the improvements in place in the Western world took many years to effect.
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man."
I have that attributed to George Bernard Shaw, but in this day and age of the Internet, who knows whether that is correct or not.
I think they _do_ distribute binary blobls linked against the kernel's headers. One of the steps their installer goes through is to search for a precompiled kernel module suitable for the currently running kernel. If one can not be found, it compiles one itself.
I doubt they'd do such a thing without being pretty sure that they were in a legally secure position, and I can even understand their reasoning. foo.ko is just another archive format, containing nvidia.o (the binary blob) and other.o files (compiled from provided (but not AFAIK GPL'd).c files. It is no different from nvidia.tar containing the same files.
Slashdot Mirror
If you live in a country when it is illegal to watch your own damn DVDs then you have problems!
(insert anne rand quotation about the imposibility of governing an honest man)
Hm, I forgot to suggest what I often end up doing...
mysql_query (sprintf ("SELECT * from foo WHERE bar = '%s'", mysql_real_escape_string ($baz)));
mysqli/PDO?
:(
Of course neither are enabled in Debian's current PHP packages.
Hear, hear!
FYI, I believe it is the kernel itself that interprets the #!(interpreter)\n at the start of a file, not the shell.
But anyway... I don't think you can constrain root with chroot(2) anyway. root can mknod(2) himself a device file and access your filesystems directly if he wants. Or he can do the same for one of the mem(4) devices. Or call ioperm(2) and talk to hardware devices with iopl(2). There are probably dozens of other methods to escape from such a 'jail'.
AFAIK, Linspire hasn't done that since before it changed its name from Lindows.
One way to overcome the problem is to not use su or sudo. In a secure system it should never be possible for a process to increase its privilige level.
But remember, secure systems are a pain in the arse to use.
How do you change their password?
I am ashamed to admint that I have caught myself mentally reaching out to run the w(1) command to see who is currently in my house.
Meanwhile, you have people in the developing world behind four or five layers of NAT.
Well, obviously NVIDIA contests the generally-agreed-upon idea that nvidia.ko is a derivative work of the Linux kernel.
They probably think that the only portions of Linux that they use are the kernel headers. Are headers copyrightable? They do not contain any software code, merely interface definitions; they are mere facts, not creative works.
Are NVIDIA correct? Well, the authors of Linux have yet to disagree with them...
Food for thought: consider these three commands, given that nvidia.o is NVIDIA's binary blob and foo.o is compiled from foo.c + the Linux kernel headers:
tar -cf nvidia.tar foo.o nvidia.o
ar nvidia.a foo.o nvidia.o
gcc -o nvidia.ko foo.o nvidia.o
What is the difference between them? Which are "mere aggregation" and which create a derived work, and why?
It's not all sunshine and roses though.
A 8E580!3555.entry
http://hane05.spaces.live.com/Blog/cns!908541C1D7
I don't deny it*--I was trying to take a dispassionate look at the long term effects, as I believe we must also do when considering whether globalisation benefits or harms us and others, at personal, national and global levels.
(I also agree that comparing workers in poor working conditions to slavery is a ridiculous appeal to emotion)
* of course many (most?) slaves were already such before they were sent along that longest leg of the Golden Triangle; captives taken in tribal wars, sold into slavery by their enemies/neighbours.
You're dead right! Barriers to employment and trade should be removed in both directions.
Where can I get one of these loans with an interest rate less than the rate of inflation? :)
If you don't want to be "exploited" by an employer, you are always free to quit your job and starve.
Doesn't sound so much like exploitation now, does it?
That's because it's not the job of the legal system to punish companies for making crap products and providing crap services. It is the job of the consumer.
If a company continues to make a profit while providing crap products and services then I guess they're not so crap after all, eh? And if they don't, they will improve their products and services, or go bust.
At least, that's the theory. I wouldn't care to guess how long it will take for the system to come back into balance.
In the long run, perhaps they (or their descendants) are better off. I know I'd prefer to be a citizen of the United States than stuck in Africa!
So the 10 year old kids are better off starving because there is no work available for them? To put it another way, how can there be labour protection when there is no labour?
As more companies compete over the same work force, they will offer higher wages and better labour protection. This will not happen overnight, just as the improvements in place in the Western world took many years to effect.
I have that attributed to George Bernard Shaw, but in this day and age of the Internet, who knows whether that is correct or not.
Why do you think the two goals are incompatible?
I think they _do_ distribute binary blobls linked against the kernel's headers. One of the steps their installer goes through is to search for a precompiled kernel module suitable for the currently running kernel. If one can not be found, it compiles one itself.
.o files (compiled from provided (but not AFAIK GPL'd) .c files. It is no different from nvidia.tar containing the same files.
I doubt they'd do such a thing without being pretty sure that they were in a legally secure position, and I can even understand their reasoning. foo.ko is just another archive format, containing nvidia.o (the binary blob) and other
I find http://www.dansimmons.com/news/message/2006_04.htm and http://www.dansimmons.com/news/message/2006_05.htm good fodder for starting discussions too.
Even Debian don't seem to agree with that interpretation.
d ules-i386
http://packages.debian.org/src:nvidia-graphics-mo