| Binary-only module GPL issues -- redux |
a guest column by Kevin Dankwardt (Oct. 22, 2002)
Foreword: I recently wrote a column about the support in the Linux kernel and in utilities for enforcing GPL licensing on loadable modules. As can be expected, this issue has been debated on the Linux Kernel Mailing List. A lengthy session ran in September of 2001 with a run of 75 messages. The debate has just resurfaced over issues with the Linux Security Module mechanism. Note that the FAQ for the Linux Kernel Mailing List (LKML) can be found here, and an archive of the LKML is available here.
Binary-only module GPL issues -- redux
by Kevin Dankwardt
Linux Security Module
An overview of the Linux Security Module (LSM) mechanism can be found here. Essentially, LSM is a kernel patch that provides support to modules that wish to implement security mechanisms. Key kernel data structures such as task_struct, superblock, and kern_ipc_perm are modified to have security fields.
Binary Only Modules Discussion
The September 2001 discussion began with a posting by Arjan van de Ven, stating that he was composing a list of existing binary-only drivers for Linux. A number of other contributors replied with additional drivers. It was pointed out that the amount of source code provided, and whether it was GPL'd, varied from driver to driver. Thus, the issue was more than just about binary-only.
The binary-only module issue regarding LSM hinges on differences in opinion as to whether LSM related modules should be required to be GPL'd. As an example, Alan Cox wrote "With the current lunatic US congress proposals on security, crypto and building big brother into all PC's I'd say allowing non GPL security modules is positively dangerous to the well being of non US itizens."
One of the developers of LSM, Greg Kroah-Hartman, proposed a comment for a header file, that seeked to clarify that the LSM mechanism could be used by only GPL'd modules. The comment in the header file was "This file may not be included in any code not licensed under the list of accepted free software licenses as defined in module.h contained in this same directory. "
He explains his position a bit, and reasons that non-GPL code may not include GPL header files. Crispin Cowan, in a lengthy reply, suggests that it may be best to just label header files as GPL and not add any additional commentary about their usage. Cowan also points out that if non-GPL programs are not permitted to include GPL header files then many user space programs are in violation.
Crispin Cowan suggests: "This file is GPL. See the Linux Kernel's COPYING file for details. There is controversy over whether this permits you to write a module that #includes this file without placing your module under the GPL. Consult your lawyer for advice." Greg Kroah-Hartman accepts that phrase and adds it to the file.
Ignacio Vazquez-Abrams, points out that header files sometimes include macros, and the bodies of those macros are essentially inserted into the code that uses them. He therefore suggests that header files may be better licensed as LGPL.
One can also see that some header files include inline definitions of functions which have the same code-including effect as do macros. Thus, a new GPL related issue has cropped up.
Then, Greg Kroah-Hartman suggests that the LSM functions be marked as callable only from GPL code. Alan Cox replies that GPL-only symbol exporting is coming.
In another twist, it was discovered that an author of a kernel driver had apparently granted someone another license besides GPL so that they were allowed to use the driver code in their own, non-GPL code. Nicholas Knight, suggested that linux kernel code authors divulge when they give out alternative licenses, so that members of the Linux community don't needlessly accuse other developers of violating the GPL in the use of such code.
LSM issue again
On October 17, 2002, Christoph Hellwig, posted a patch that changed the symbol export of several LSM security functions to GPL-only. It was later stated by another contributor that one of the authors of the security code, Crispin Cowan, was opposed to using GPL-only exporting on the symbols. Cowan has said that he believes there is benefit in permitting proprietary modules, just as there is benefit in permitting proprietary applications.
When asked what additional benefit the GPL-only exporting provides, Christoph Hellwig wrote: "My arguement [SIC] is that I want this flag as a hint for authors of propritary security modules that I'm going to sue them if they use hook called from code I have copyright on."
In an apparent sign of frustration, Linus Torvalds wrote: "Note that if this fight ends up being a major issue, I'm just going to remove LSM and let the security vendors do their own thing." Torvalds goes on to say "In short, ... I think it's very clear that a LSM module is a derived work, and thus copyright law and the GPL are not in any way unclear about it."
Linus Torvalds, in a subsequent message, clarified his stance on the GPL-only symbol export macro: "Side note: it should be noted that legally the GPLONLY note is nothing but a strong hint and has nothing to do with the license (and only matters for the _enforcement_ of said license)." Additionally, he likened the GPL-only exportation to a "click-through" license agreement. The GPL-only symbols require a module to declare itself to be GPL, and thus acknowledge that it is using GPL code.
Incidentally, the latest version of the 2.5 series Linux kernel, 2.5.44, includes the LSM patch and has the "consult a lawyer" comment in the security header file. Also, five entities, two individuals, and three companies are listed on the file as copyright holders.
Finally, Richard B. Johnson gives a code fragment that can be linked into a binary-only module so that the result claims GPL licensing. This raises another issue: since the GNU/Linux linker, ld, provides for linking object files together into yet another object file, if one links an object file that says it is GPL with an object file that does not specify a license, the resulting object file will claim GPL.
Summary
It is clear that the GPL issue concerning loadable modules is as factious as ever. The introduction of the GPL-only exportation of symbols and of tainting the kernel has not resolved the issue. Jeff Garzik voices the opinion of many of us when he says: "Sigh, I hate legal crap."
Acknowledgement: Thanks to Karim Yaghmour for letting us know about this recent discussion.
 About the author: Kevin Dankwardt is founder and President of K Computing, a training and consulting firm. He has spent most of the last 9 years designing, developing, and delivering technical training for such subjects as Unix system programming, Linux device drivers, real- time programming, and parallel-programming for various organizations world-wide. He received his Ph.D. in Computer Science, in 1988.
Related stories:
(Click here for further information)
|
|
|
FUEL Database on MontaVista Linux
Whether building a mobile handset, a car navigation system, a package tracking device, or a home entertainment console, developers need capable software systems, including an operating system, development tools, and supporting libraries, to gain maximum benefit from their hardware platform and to meet aggressive time-to-market goals.
Breaking New Ground: The Evolution of Linux Clustering
With a platform comprising a complete Linux distribution, enhanced for clustering, and tailored for HPC, Penguin Computing¿s Scyld Software provides the building blocks for organizations from enterprises to workgroups to deploy, manage, and maintain Linux clusters, regardless of their size.
Data Monitoring with NightStar LX
Unlike ordinary debuggers, NightStar LX doesn¿t leave you stranded in the dark. It¿s more than just a debugger, it¿s a whole suite of integrated diagnostic tools designed for time-critical Linux applications to reduce test time, increase productivity and lower costs. You can debug, monitor, analyze and tune with minimal intrusion, so you see real execution behavior. And that¿s positively illuminating.
Virtualizing Service Provider Networks with Vyatta
This paper highlights Vyatta's unique ability to virtualize networking functions using Vyatta's secure routing software in service provider environments.
High Availability Messaging Solution Using AXIGEN, Heartbeat and DRBD
This white paper discusses a high-availability messaging solution relying on the AXIGEN Mail Server, Heartbeat and DRBD. Solution architecture and implementation, as well as benefits of using AXIGEN for this setup are all presented in detail.
Understanding the Financial Benefits of Open Source
Will open source pay off? Open source is becoming standard within enterprises, often because of cost savings. Find out how much of a financial impact it can have on your organization. Get this methodology and calculator now, compliments of JBoss.
Embedded Hardware and OS Technology Empower PC-Based Platforms
The modern embedded computer is the jack of all trades appearing in many forms.
Data Management for Real-Time Distributed Systems
This paper provides an overview of the network-centric computing model, data distribution services, and distributed data management. It then describes how the SkyBoard integration and synchronization service, coupled with an implementation of the OMG¿s Data Distribution Service (DDS) standard, can be used to create an efficient data distribution, storage, and retrieval system.
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
|
|
|
|
|
news feed