Re: GPL only usage of security.h

From: Crispin Cowan (crispinat_private)
Date: Mon Sep 24 2001 - 12:36:06 PDT

  • Next message: Smalley, Stephen: "RE: GPL only usage of security.h"

    Greg KH wrote:
    
    >>>>Perhaps we should LGPL the security.h.  Does that create problems?
    >>>>
    >>>I would object to this.  That would be granting the explicit right for
    >>>it to be used in closed source binaries.  I do not want to grant that
    >>>explicit right.
    >>>
    >>That is exactly what I always intended LSM to do.
    >>
    >In reading over the original messages announcing this project I do not
    >see that stated anywhere.  Am I missing something?
    >
    LSM was proposed as an enhancement to the existing LKM (Loadable Kernel 
    Module) interface. As such, I thought it was implicit, if not obvious, 
    that LSM would not change the current licensing practices for LKMs. 
    Current practice discourages closed source modules, but permits them if 
    they do not require modification to the kernel to run, as helpfully 
    pointed out by Richard Offer in his citation to "Linux Device Drivers, 
    2nd ed, O'Reilly, p12".
    
    >If this is one of the goals of the project it should be mentioned right
    >up front so that people will realize this.
    >
    Ok.  I propose the following text:
    
        LSM, being an enhancement to the Linux Loadable Kernel Module
        interface, uses the same licensing requirements as LKMs. As of this
         writing <date> that practice is that closed source modules are
         discouraged. Closed source modules are permitted only if they do
        not  require any changes at all to the Linux kernel. Requiring
        changes to  the Linux kernel makes a module a derived work of the
        kernel, and  thus subject to the Linux kernels' GPL.
    
    
    Now, WHY should it be this way?  Because security modules are often 
    large & expensive to maintain. When Linus rejected outright inclusion of 
    SELinux into Linux, he cut off security from the large powerhouse that 
    is Linux maintenance: security module maintainers are on their own.
    
    Some security modules (SELinux, LIDS) will likely follow the GPL path of 
    hoping to gather helpers. Other security vendors (SGI, HP, WireX) might 
    seek to create commercial (proprietary) modules that they sell for 
    money, and use the money to maintain the modules. NOTE: Contrary to this 
    post http://marc.theaimsgroup.com/?l=linux-kernel&m=100134989121896&w=2 
    on the Linux kernel mailing list, to my knowledge such closed modules 
    either do not exist or have not been released.
    
    I view this as similar to Linux permitting proprietary applications 
    (e.g. Netscape Navigator, Oracle, DB2, Lotus Domino, Word Perfect). LSM 
    modules are applications for the kernel, and NOT core OS infrastructure. 
    If a powerful security module was to be a core part of Linux, then Linus 
    would have selected and accepted one/some. He explicitly did not. So 
    these security features must be maintained separate from Linux, just as 
    applications are.
    
    What do I want:  Greg has graciously rolled back his Sunday patch with 
    the license comment. I want it to stay that way. Any changes regarding 
    policy towards binary modules should be made by Linus and apply to the 
    Linux kernel as a whole, and not be special to LSM.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 12:37:54 PDT