New RedHat Kernel Patch Illegal to Explain to U.S. Users

timothy posted about 12 years ago | from the please-keep-under-wraps dept.

Censorship 981

Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."

Egads (-1, Troll)

Anonymous Coward | about 12 years ago | (#4460799)

Democracy at work.
Frist Prost!

Again? (1, Interesting)

Anonymous Coward | about 12 years ago | (#4460800)

Didn't Alan Cox have a similar issue on an old patch for exactly the same reasons?

Maybe the Slashdot crew could try reading their own site once in a while.

Re:Again? (-1, Troll)

Anonymous Coward | about 12 years ago | (#4460943)

I know that my Cox was patched a while ago and it wasn't a violation of the DMCA. Of course, now that it's 12 inches long, it violates plenty of young virgins. I don't know what Alan's problem is.

Unfortunately, it won't affect the US on the DMCA (-1, Troll)

Anonymous Coward | about 12 years ago | (#4460804)

Stupid politicians.

One day... (-1, Insightful)

Mikelikus (212556) | about 12 years ago | (#4460806)

...Americans won't be able to learn anything other than "one country under god" or "the axis of evil" theories.

Will you vote for Bush again? *sigh*

Re:One day... (0)

Anonymous Coward | about 12 years ago | (#4460815)

Weird, I thought Linux was for the people. Fight The Power!

It happened on CLINTON's watch! (2, Insightful)

Anonymous Coward | about 12 years ago | (#4460820)

At least blame Bush for HIS mistakes.

It happened with full support of the REPUBLICANS! (0, Flamebait)

Anonymous Coward | about 12 years ago | (#4460905)

Blame both sides for the DMCA. Every REPUBLICAN senator voted for that bill.

Re:It happened with full support of the REPUBLICAN (-1, Offtopic)

flyneye (84093) | about 12 years ago | (#4460972)

best solution would be to vote libertarian

Re:It happened with full support of the REPUBLICAN (1)

Guspaz (556486) | about 12 years ago | (#4460993)

I'd sooner vote librarian.

Re:It happened with full support of the REPUBLICAN (3, Interesting)

Anonymous Coward | about 12 years ago | (#4460992)

I must be in a different US than you, from my vantage point, there's no practical difference between Republicans and Democrats, only a difference in their rhetoric.

It's like this:

I walk up to you on the street and make you an offer. I'll give you a choice, do you want me to stab you in the right eye with a pencil, or the left eye. Make your choice, it's a free country! You too can make a difference!

Re:It happened on CLINTON's watch! (-1, Offtopic)

Anonymous Coward | about 12 years ago | (#4460922)

Axis of Evil - speech by Bush

One Nation Under God - Congress is voting to make that part of the pledge a law, also under Bush's watch.

Settle down bitch.

Re:One day... (-1, Offtopic)

Mr Guy (547690) | about 12 years ago | (#4460837)

Unless suddenly Presidents get retroactive veto power, yes, yes I WOULD vote for him. AGAIN.

Re:One day... (4, Insightful)

Belisarivs (526071) | about 12 years ago | (#4460838)

Um, whose name is at the bottom of the DMCA? I'm pretty sure it's not Bush's. Want a high comment score on Slashdot? Bash Bush.

Re:One day... (5, Insightful)

Quixote (154172) | about 12 years ago | (#4460961)

You're right. The signature at the bottom of the DMCA is:



(signed) All American Citizens


In a democracy, you are responsible for the actions of those you elect.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!

Re:One day... (1)

rootofevil (188401) | about 12 years ago | (#4460995)

Sadly, we don't actually live in a democracy anymore.

Re:One day... (1)

oniony (228405) | about 12 years ago | (#4461013)

Crap. Just because it's a democracy doesn't mean you can't complain. Just because you don't vote doesn't mean you can't complain.

Any individual's vote makes no difference. Elected democracy doesn't represent the true belief of the populace, except when the overall view is particularly strong.

People vote for who they prefer out of who they think has a reasonable chance of winning, otherwise they believe it is a wasted vote.

If the elected party is doing stupid things, you can complain, whether you voted for them or not...or didn't vote at all.

Re:One day... (-1, Offtopic)

Anonymous Coward | about 12 years ago | (#4460845)

Hey, *I* sure as hell didn't vote for Bush. Word of caution: your submission could be taken for trollbait.

Re:One day... (0, Informative)

Pave Low (566880) | about 12 years ago | (#4460851)

You fuckin idiot, Clinton was the president when the DMCA was passed, what the fuck does Bush have to do with this? Sounds like more knee-jerk America bashing again.

And yet, on Slashdot this is +5 insightful! Hooray for this great moderation system!

Re:One day... (0)

Anonymous Coward | about 12 years ago | (#4460886)

Knee-jerk Bush bashing maybe, but he's still a moron. Bashing Bush is not bashing America. And he does need a good lot of bashing these days.

Re:One day... (-1, Offtopic)

Rik Sweeney (471717) | about 12 years ago | (#4460869)

Will you vote for bush again? *sigh*

I didn't think anyone did.

Re:One day... (1)

Majik (31912) | about 12 years ago | (#4460913)

But this wasn't passed under him, it was passed before him. That should read, "Will you buy from media cartels that exploit the weakness of the human condition with respect to money? *sigh*"

Re:One day... (1)

frp001 (227227) | about 12 years ago | (#4460932)

Mmmm... maybe this would be the appropriate moment to recount once again.
Anyway DMCA was not Bush...

Re:One day... (1, Redundant)

flyneye (84093) | about 12 years ago | (#4460956)

Uh, dopey, the DMCA came under the CLINTON administration. Perhaps if you actually had a handle on U.S. politics your humor wouldn't just signify your ignorance

Re:One day... (0)

Anonymous Coward | about 12 years ago | (#4460964)

oh no that god reference will disappear soon too... the fricking liberals want to take away those rights as well.

we are just to love only big brother....

Re:One day... (1)

RebelTycoon (584591) | about 12 years ago | (#4460996)

The DMCA was most useful for the ENTERTAINMENT industry. That special interest group is mostly a Democratic lobby.

It was Clinton... If anything, Bush might not have let it go since the Republicans get much more money from "real" industries that got screwed by this law.

I rant because I can.

Land of the free... (5, Funny)

loply (571615) | about 12 years ago | (#4460808)

But sound doesn't travel in the land. Nor does... electricity, radio waves, or, come to think of it anything. Jeez, what a rip.

Use the source? (-1, Interesting)

RagManX (258563) | about 12 years ago | (#4460811)

Color me lazy, but I haven't even bothered reading the article yet. However, I do wonder about this "can't be explained due to DMCA" stuff. I mean, can't you just read the source of the patch to figure out what it does? Or are they releasing a binary only patch?

RagManX

Re:Use the source? (5, Insightful)

loply (571615) | about 12 years ago | (#4460863)

Yes, of course, but you may not be able to fathom out what the patch does from the source. A security fix which prevents a buffer overflow could be as simple as adding or removing a typecast, which, if the kernel coders themselves didn't realise could be a security issue - most Joe Users won't notice either... :(

Still, as a principle, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.
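
An added illustration of the comment above (constructed for this page; it is not code from the thread or from the kernel patch): two bounds checks where the whole security fix is a single typecast, which is why such a change is easy to miss when reading a diff. The function names, `BUF_MAX` and the sample inputs are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: size of a fixed buffer a driver copies user data into.
 * Deliberately a plain (signed) int constant, as in much older C code. */
#define BUF_MAX 4096

/* BEFORE: len is signed, so the upper-bound test is a signed comparison and
 * any negative length passes it. Returns 0 and stores the byte count that
 * would be handed to the copy routine, or -1 if the request is rejected. */
int copy_len_before(int len, size_t *out)
{
    if (len > BUF_MAX)
        return -1;
    *out = (size_t)len;              /* -1 converts to SIZE_MAX */
    return 0;
}

/* AFTER: one cast makes the comparison unsigned, so negative values look
 * enormous and are rejected by the same test. */
int copy_len_after(int len, size_t *out)
{
    if ((unsigned int)len > BUF_MAX)
        return -1;
    *out = (size_t)len;
    return 0;
}

/* BEFORE: width * height is computed in 32 bits and wraps modulo 2^32
 * before the bound is checked, so an oversized frame can look small. */
int frame_bytes_before(uint32_t width, uint32_t height, size_t *out)
{
    uint32_t bytes = width * height;
    if (bytes > BUF_MAX)
        return -1;
    *out = bytes;
    return 0;
}

/* AFTER: casting one operand to 64 bits keeps the product exact, so the
 * bound check sees the real size. */
int frame_bytes_after(uint32_t width, uint32_t height, size_t *out)
{
    uint64_t bytes = (uint64_t)width * height;
    if (bytes > BUF_MAX)
        return -1;
    *out = (size_t)bytes;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc;

    /* Constructed inputs: a negative length, and 16777217 x 256 = 2^32 + 256. */
    rc = copy_len_before(-1, &n);
    printf("signed check,   len=-1: rc=%d copy=%zu bytes\n", rc, n);
    rc = copy_len_after(-1, &n);
    printf("unsigned check, len=-1: rc=%d (rejected)\n", rc);

    rc = frame_bytes_before(16777217u, 256u, &n);
    printf("32-bit product: rc=%d size=%zu bytes\n", rc, n);
    rc = frame_bytes_after(16777217u, 256u, &n);
    printf("64-bit product: rc=%d (rejected)\n", rc);
    return 0;
}
```

In both pairs the diff between the vulnerable and the fixed function is one cast on one line, with no new branch or error path for a reader to notice.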

Re:Use the source? (2, Funny)

obii (196264) | about 12 years ago | (#4460895)

You can use the source, but most probably the source won't give too much information. So you will have to _understand_ the source for the proper explanation.

Nonetheless, I think
> New kernel update available, fixes
> i810 video oops, several security issues

is too ridiculous. Video "oops"... ;)

In my opinion this strange DMCA that the USA have been using, has to be revised very fast.

Regards,
obii

I'd comment, but (5, Funny)

jcknox (456591) | about 12 years ago | (#4460814)

I would comment on the stuff posted on theFreeWorld.net, but after reading their disclaimer, I was afraid to continue in the site.

Repeat after me:

I will NOT vote for anyone that voted for DMCA.

for those without the minerals to read on (5, Informative)

evacuate_the_bull (517290) | about 12 years ago | (#4460855)

you can bypass that scary disclaimer and read all that hidden information here [wipo.org] (reg. req'd, blah blah) :)

Re:I'd comment, but (5, Insightful)

rmadmin (532701) | about 12 years ago | (#4460887)

I'd agree. I'd really like to know what the problem is. And where the DMCA has any damn right to tell me I can't read it. I cannot fathom what could be in that stupid text that would violate the DMCA. Anyway. Since this is an explanation of the changes made to the software that I run, that I risk my data on, I think I have the right to that text. And if the government disagrees, then I'll take my ass and my money, and my vote overseas.

Re:I'd comment, but (5, Informative)

wagemonkey (595840) | about 12 years ago | (#4461016)

You may be allowed to read it, but the point is the posters don't want to be prosecuted for publishing it.
The Reg had a neat explanation of this, a lot of people outside the US don't want to get arrested if they set foot on US soil because they published something on a web site hosted in another country that violates the DMCA.

Re:I'd comment, but (5, Funny)

Flakeloaf (321975) | about 12 years ago | (#4460888)

I will NOT vote for anyone that voted for DMCA

Awww! But I really had my heart set on voting for Hillary Rosen again this...um... wait a minute...

Need a Website (5, Interesting)

attobyte (20206) | about 12 years ago | (#4460957)

We need a website that shows all the people that voted yes for the DMCA. So it will be easy to vote this November.

atto

I was going to comment on this.. (0)

Anonymous Coward | about 12 years ago | (#4460817)

but the country that promotes itself as the land of freespace has prohibited me from doing so.

I'm glad that there are those that stand up for the rights of future generations.

WOW! (-1, Offtopic)

Craevenwulfe (611318) | about 12 years ago | (#4460823)

It's amazing how they spelled it all out using naked ladies.

Linus is not author of Linux! (0, Funny)

Anonymous Coward | about 12 years ago | (#4460824)

Linus Torvalds wasn't the one who wrote most of the Linux kernel. Instead it was his little brother Harken Torvalds. Linus always used to oppress and exploit him. He forced Harken by violence to write the kernel. Linus himself did contribute very little, and not the parts of best quality. Most of the time he just sat aside, slept, got drunk, and occasionally mistreated Harken. As a programmer, Linus is untalented and has poor skills. He forced Harken to publish his work under Linus' name, and didn't allow him to get any credit for his own work.

It even got worse, when Linus started his job at Transmeta. Since he was lacking the competence for this, he forced Harken to do most of his work. Needless to say, that Linus took all the payment from Transmeta for himself, while Harken had to live from water and bread.

This exploitative relationship went on until the 2.4.0 kernel was released. At this time Harken finally made it to escape from Linus' apartment, where he had to live almost like a prisoner. So Linux finally had to take over the burden of maintainership himself. We all know the outcome: lacking the competence for such a complex task, the release history became a nightmare, until Marcelo Tosatti took over.

We should give Harken the merit that he deserves. He is a brilliant programmer, almost a genius, and the free software community owes him a lot.

Simple enough. (0)

HaloZero (610207) | about 12 years ago | (#4460827)

I don't know what it is, then it's not going on my machine(s). Period.

Anyone care to suggest a new unice for a dated RedHack? Or should I just go back to Enigma-Valhalla?

*sigh*

Re:Simple enough. (5, Insightful)

eXtro (258933) | about 12 years ago | (#4460947)

Just about nobody actually knows what goes into their system, even if they roll their own linux distribution. If you start with a RedHat system for instance you might be able to keep track of what each update does, but there's a huge blind spot where your initial install starts. What exactly went into RedHat 7.2, what libraries, what library versions and what additional patches? At some point you're relying on trust, whether it's trusting that RedHat didn't inject any objectionable code or that the initial developers of an application/library/kernel didn't build a Trojan horse into it or that the eyes of the community were watchful enough to observe and flag all security problems, whether intentional or unintentional.

In any event, I think RedHat is making more of a political statement here than anything else. They know that the patch documentation will be leaked, but at the same time they get to make an example of how stupid the DMCA is. I think of it more as thumbing their nose at the government and its lapdogs than actually obscuring any details.

So what this means is... (5, Insightful)

rosewood (99925) | about 12 years ago | (#4460830)

I can take this example to my congress person and say "Thanks to legislation you helped pass, I can't even stay up to date on security issues ... thanks."

I don't quite get it but heh... I'm in the USA :P

Sound familiar? (3, Insightful)

shftleft (261411) | about 12 years ago | (#4460842)

To quote the article:

...just as ridiculous as the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...

Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...

Re:Sound familiar? (2)

larien (5608) | about 12 years ago | (#4460852)

I think that was the idea; show the extremes that the US is going to at the moment.

Re:Sound familiar? US Citizens, too! (1, Offtopic)

Insightfill (554828) | about 12 years ago | (#4460926)

the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...

Actually, with all of the "enemy combatants" running around, I think a bunch of US citizens might be getting carted off to Cuba for the same treatment.

I could be wrong, but nobody can prove it one way or the other because habeas corpus appears to be missing, too.

Yeah, I know, off-topic.

Re:Sound familiar? (1, Insightful)

smack.addict (116174) | about 12 years ago | (#4460967)

No, it is not. We are detaining them and treating them in accordance with the rules governing prisoners of war. The only thing we are not doing is calling them prisoners of war. We are not shooting them or anything else.


Furthermore, they are members of an enemy force. Comparing that to people talking about computer patches is absurd.

Re:Sound familiar? (1)

NixterAg (198468) | about 12 years ago | (#4460973)

Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...

Yeah, except for the whole insignificant "shooting" part.

Re:Sound familiar? (1, Offtopic)

Hard_Code (49548) | about 12 years ago | (#4460999)

We do that a lot. We let our less "civilized" allies, who have no qualms with torture, handle our suspects. Why is this surprising?

Re:Sound familiar? (0)

Anonymous Coward | about 12 years ago | (#4461003)

Fine with me. I want all those bastards dead. Snipers too. Oh, and toss in those assholes that bombed Bali.

Re:Sound familiar? (2, Insightful)

GMontag (42283) | about 12 years ago | (#4461005)

Interesting? More like Offtopic.

1. The quote is well over the top.

2. "not far off"? If our intent were to shoot POWs in Cuba, we sure are being slow about it. They are not even being mistreated!

3. You are slamming one of the FEW nations that follows the Laws of War and Peace, to include prosecuting our own military people that violate said laws.

I take back the Offtopic comment, you are just a troll.

Oh no... (5, Informative)

Anonymous Coward | about 12 years ago | (#4460843)


-- LEGALESE --

PLEASE READ FIRST.

Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependencies, embassies and anywhere else
under US law.

Redistributing this document in the USA may be a criminal offence under the
Digital Millennium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.

This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.

There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.

NO WARRANTY

BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

-- END LEGALESE --

Security Holes Fixed In Linux 2.4.19

None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.

- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory

- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present

- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present

- The /proc/slabinfo file could exceed a buffer size and cause
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption

- By setting the TF flag a carefully constructed binary could hang
the kernel dead

- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit

- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur

- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)

- The rt_cache_proc file could be tricked into returning chunks of
kernel data.

- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.

- Multiple /proc files could be persuaded to dump kernel data
due to a sanity checking bug in the proc file handlers

- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another tasks registers there is a small risk
because some cryptographic systems have XMM acceleration functions

We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.

Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in /proc. These files are now root private. The base tree is not
affected as it lacks PnPBIOS support

Credits

The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.

-- Additional Required Patch --

diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.20pre1/arch/i386/kernel/traps.c linux.20pre1-ac1/arch/i386/kernel/traps.c
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;
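
Review bot: In do_trap(), the new `else goto trap_signal;` branch needs a comment. It is taken when VM_MASK is set in regs->eflags but the caller passed vm86 == 0, a case the old combined test let fall through to the `regs->xcs & 3` check just below. A line above the block should say why that fall-through is wrong for a task in vm86 mode, since nothing in the hunk explains it. Style: the `else` is redundant after `goto vm86_trap;` and can be dropped.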

@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;

__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));

+ /* If the user set TF, it's simplest to clear it right away. */
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+ /* Mask out spurious debug traps due to lazy DR7 setting */
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])
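
Review bot: The comment on the new TF test says "If the user set TF", but the condition is `eip >=PAGE_OFFSET` together with TF_MASK, i.e. the trap was taken at a kernel address with the flag still set. The comment should state that, because it is the actual reason for jumping to clear_TF and is what a later reader will need when touching this path. Style: `eip >=PAGE_OFFSET` needs a space after `>=`, and in the lines shown the local `eip` is read only once, so `regs->eip` could be used directly.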

Re:Oh no... (5, Funny)

amichalo (132545) | about 12 years ago | (#4460885)

- The joystick driver had erroneous copies in obscure ioctl cases

Thanks, I now understand why we in the US should never have access to this sort of information.

I was expecting the secret hideout of Dick Cheney

Re:Oh no... (2, Insightful)

boogy nightmare (207669) | about 12 years ago | (#4460949)

Hmmm someone's going to get spanked for that post, breaking the copyright and putting the US citizens at risk (phew, thank flip I'm an Englishman)
Do you ever get the impression the Presidents just sign stuff without knowing what they are talking about.................DMCA

Re:Oh no... (5, Funny)

ActiveSX (301342) | about 12 years ago | (#4460971)

It's not that Clinton didn't understand the law, he was just *slurp* distracted at the *slurp* time.

Re:Oh no... (1)

boogy nightmare (207669) | about 12 years ago | (#4460997)

Ah yes I can see the problem. On one hand you have the protection of free speech and expression of your population within a digital medium and on the other hand a cigar, lady and a whole heap of trouble............ yes, I can see where it went wrong..

'Men have two brains, unfortunately they only have enough blood to run one at a time'

Akira

This is just FUD. (0, Insightful)

gmiller123456 (240000) | about 12 years ago | (#4460954)

This is exactly the same form of FUD we've all come to hate, it's just based on law rather than technology this time. There is no way a kernel patch can violate the DMCA for the simple fact that the Linux kernel doesn't enforce any type of copy protection.

There are enough problems with the DMCA that we don't need to make things up. If stories like this become commonplace, then lawmakers will soon ignore anyone who opposes the DMCA because they'll automatically assume they're acting on FUD and not the facts.

Please, PLEASE make an update to this article stating it's just FUD. PLEASE!

Re:This is just FUD. (0)

Anonymous Coward | about 12 years ago | (#4460977)

Isn't the GPL a type of copy protection? ;-)

What we need is a recursive DMCA (5, Funny)

Junior J. Junior III (192702) | about 12 years ago | (#4460844)

So that it will be illegal to explain to someone why it's illegal to explain to someone why it's illegal to...

Re:What we need is a recursive DMCA (4, Funny)

kuberkoos (538091) | about 12 years ago | (#4461006)

DMCA = acronym for DMCA May Constrain Americans?

I have a bad feeling (5, Funny)

Anonymous Coward | about 12 years ago | (#4460854)

that somebody is gonna post the whole text of it here on slashdot and that I'm gonna see a blank DMCA WAS HERE page when I load up my homepage.

Re:I have a bad feeling (0)

Anonymous Coward | about 12 years ago | (#4460917)

ROFL. That's offtopic?? Tomorrow when all you see is DMCA was here I bet somebody will mod it +5,Insightful

Re:I have a bad feeling (0)

Anonymous Coward | about 12 years ago | (#4460919)

see above...post title Oh No

China Here we come (3, Funny)

attobyte (20206) | about 12 years ago | (#4460858)

Soon the US will be like China. Anyone want to make 50 cents a day to program Microsoft software? :)

Atto

Hysterical rubbish (2, Insightful)

91degrees (207121) | about 12 years ago | (#4460861)

Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic. It would be like me claiming that you disagreeing with this post is a violation of the DMCA. The complainers also know this. This is why they make vague claims about "the DMCA" rather than specifying the explicit clause in the DMCA.

I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".

The security fix information is not primarily intended to allow people to break into servers, and it would require some rather convoluted argument to suggest that it should.

Re:Hysterical rubbish (4, Funny)

Anonymous Coward | about 12 years ago | (#4460902)

except if you used some ludicrously tortured logic.
Earth to 91degrees. Come in 91degrees. The only logic your US politicians use is ludicrously tortured. Earth out.

Re:Hysterical rubbish (2, Insightful)

91degrees (207121) | about 12 years ago | (#4460945)

On the contrary - it's overly simplistic.

It assumes that any measures to prevent piracy are good, and nobody will want to use a movie in any way except that in which the MPAA expect you to.

Re:Hysterical rubbish (4, Insightful)

elmegil (12001) | about 12 years ago | (#4460918)

Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic.

They are posting information about ways to break the security of Linux. That sounds an awful lot like a DMCA violation under the same parts that were used to threaten Professor Felten, and indict Sklyarov. The only difference is that Linux is not an asset of the entertainment industries....

Re:Hysterical rubbish (1)

91degrees (207121) | about 12 years ago | (#4461004)

I'm not saying the DMCA is a good law, or that it isn't over-reaching. Just that it isn't as over-reaching as people make out.

Felten broke a copy protection scheme. He didn't propose a solution to a broken scheme. He just broke it, leaving the RIAA without protection. Even that considerably less tenuous case was abandoned by the RIAA who probably realised they couldn't hope to win.

Sklyarov also broke a copy protection scheme. And the case here seems considerably more tenuous, but this was still a piece of software written explicitly to circumvent a technological measure (Admittedly the use of the term "copy protection technology" is a stretch here, but that was the intended purpose). The point being that he broke it to get software to work. The security posting includes a fix for these problems. It would be hard to argue that it was posted to break the security in this case.

Re:Hysterical rubbish (4, Insightful)

nagora (177841) | about 12 years ago | (#4460951)

I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".

So, is your point that there is only one stupid/bent judge in the system or that there is no one who would have a vested interest in having RedHat slapped for breaking a stupid law? In either case, you're wrong.

TWW

Re:Hysterical rubbish (1)

91degrees (207121) | about 12 years ago | (#4461020)

The point is that no judge is stupid enough to believe that a posting of a fix for a security issue is primarily intended to circumvent the security.

Illegal if you live in the US, for NON-US ONLY! (-1, Redundant)

edgrale (216858) | about 12 years ago | (#4460864)

-- LEGALESE --

PLEASE READ FIRST.

Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependencies, embassies and anywhere else
under US law.

Redistributing this document in the USA may be a criminal offence under the
Digital Millennium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.

This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.

There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.

NO WARRANTY

BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

-- END LEGALESE --

Security Holes Fixed In Linux 2.4.19

None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.

- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory

- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present

- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present

- The /proc/slabinfo file could exceed a buffer size and cause
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption

- By setting the TF flag a carefully constructed binary could hang
the kernel dead

- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit

- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur

- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)

- The rt_cache_proc file could be tricked into returning chunks of
kernel data.

- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.

- Multiple /proc files could be persuaded to dump kernel data
due to a sanity checking bug in the proc file handlers

- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another task's registers there is a small risk
because some cryptographic systems have XMM acceleration functions

We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.

Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in /proc. These files are now root private. The base tree is not
affected as it lacks PnPBIOS support

Credits

The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.

-- Additional Required Patch --

diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.20pre1/arch/i386/kernel/traps.c linux.20pre1-ac1/arch/i386/kernel/traps.c
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;
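
Review bot: the new "if (regs->eflags & VM_MASK)" block in do_trap() has no comment saying why a trap taken in vm86 mode with vm86 == 0 must go to trap_signal instead of falling through to the "!(regs->xcs & 3)" test. In vm86 mode the saved CS is a real-mode segment value, so its low two bits say nothing about privilege, and the old fall-through could treat a user task's trap as a kernel trap; a one-line comment to that effect would make the intent clear. The "else" after "goto vm86_trap;" is redundant and can be dropped. The trap_signal label lies outside the context shown, so confirm it exists in every tree this is applied to.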

@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;

__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));

+ /* If the user set TF, it's simplest to clear it right away. */
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+ /* Mask out spurious debug traps due to lazy DR7 setting */
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])
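
Review bot: the comment above the new "if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))" test mentions only TF, but the branch is taken only when the trapping eip is at or above PAGE_OFFSET, that is, when the single-step trap fired at a kernel address; the comment should say so, since that condition is the whole point of the check. Style: add a space after ">=", and since the new eip local is used once in the lines shown, regs->eip could be tested directly. The added "Mask out spurious debug traps" comment sits directly under the goto with no blank line, which makes it read as part of the TF check rather than of the DR_TRAP test below it. The clear_TF label lies outside the context shown.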

Ridiculous ... (0)

Anonymous Coward | about 12 years ago | (#4460866)

Maybe you could post an email address of representatives that are responsible for this DMCA. The people could write to them, telling them how ridiculous this is, so that they might change their view. But knowing politicians from other countries I guess they won't unless there is money involved.

Personally I would laugh at such stupidity if politicians in other countries wouldn't think to apply similar laws.

You have the right to remain silent. (4, Insightful)

Anonymous Coward | about 12 years ago | (#4460870)

Anything you say can and will be held against you in a court of law.
Land of the free ride to jail.
What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.

Re:You have the right to remain silent. (0)

Anonymous Coward | about 12 years ago | (#4461015)

I heard on the radio yesterday that here in Georgia pre-marital sex is illegal. I've been breaking that one for so long I should be locked up for life!

An Idea (5, Interesting)

Derg (557233) | about 12 years ago | (#4460871)

To quote the article:
Does this mean that all of the companies issuing security advisories are breaching the DMCA?


Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)

Just my $.02

what if (3, Insightful)

tanveer1979 (530624) | about 12 years ago | (#4460872)

The US gov says that all sites which can be accessed from US have to comply by its laws irrespective of its location, otherwise the country will be declared terrorist and bombed to kingdom come?

Doesn't seem too unlikely considering the chaps at the top

Re:what if (0)

Anonymous Coward | about 12 years ago | (#4460987)

That is insanely paranoid and slanderous

Re:what if (-1, Troll)

Anonymous Coward | about 12 years ago | (#4461012)

Fuck off you cunt. Mind your own country. Hope you enjoy VAT.

What this means... (4, Interesting)

Rantastic (583764) | about 12 years ago | (#4460874)

Seems to me that this means:

Someone outside the US found a security flaw that allows exploitation of the system.

Explaining how to circumvent security is against the DMCA.

Red Hat supplies a patch, but they cannot tell you exactly what it fixes, because that would be explaining how to circumvent security.

Ah the horrors of humanity!

DMCA is a success (5, Interesting)

javatips (66293) | about 12 years ago | (#4460875)

It really looks that the DMCA induces so much fear that people start to censor themselves.

The media corporation must be really happy to see this.

I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would its description be illegal?

I believe that these guys try the wrong way to persuade others that the DMCA is bad.

Re:DMCA is a success (4, Insightful)

handorf (29768) | about 12 years ago | (#4460991)

No, it makes sense. Teaching people about security holes is illegal. Patching them isn't.

Describing what you patched, though, would entail describing the security holes on an unpatched system. Ding! Go to Jail...

How absurd! (5, Funny)

jmcwork (564008) | about 12 years ago | (#4460884)

Next we are going to find out that all US Citizens have been placed on Double Secret Probation!

More correctly, a human readable explanation... (2, Interesting)

Anonymous Coward | about 12 years ago | (#4460896)

I am not a lawyer, but as far as I know, there is no reason why people in the U.S.A. cannot download the C source code for the patch and look at it.

As far as I know, an explanation in the form of C source code is legal - it is an explanation in a human language that is not.

Contrast this to the fact that a description of DVD decryption in English is, as far as I know, legal, but in C is, as far as I know, illegal.

What about kernel source? (4, Interesting)

cr@ckwhore (165454) | about 12 years ago | (#4460908)

Ok, so Red Hat can't tell us what the patch is about... but from what I've read so far, I understand that it's regarding security, and therefore, informing me about the security problem is illegal under the DMCA, because "it could be used to circumvent a digital copyright mechanism". (the computer)

But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Let's say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?

I fucking hate the DMCA... what a stupid piece of shit. It impedes free speech, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.

WebMin (-1, Offtopic)

KlomDark (6370) | about 12 years ago | (#4460912)

Totally excellent system configuration GUI - check out WebMin - not only does it have a sweet SendMail config interface, it'll also config just about anything else on your system.

http://www.webmin.com/ [webmin.com]

Oops (2)

KlomDark (6370) | about 12 years ago | (#4460939)

This wasn't supposed to go here, instead into the guy's journal about needing help with sendmail. Sorry!

Offtopic Spam (-1, Offtopic)

Anonymous Coward | about 12 years ago | (#4460979)

Just say no!

This is the solution for KaZaA, and the like (1)

Scarblac (122480) | about 12 years ago | (#4460927)

If programs like Kazaa were hosted on sites like this, then the program isn't distributed to Americans, and hence there is no argument left to drag them (a Danish/Dutch/Australian/Some Baltic State-ian operation...) into a US court.

Any Americans still using it (by lying on the form) would do so illegally, of course. Kazaa could maybe even sue them if they wanted to...

Clever tactic (5, Insightful)

akookieone (530708) | about 12 years ago | (#4460931)

Sounds to me like this is a stunt. Clearly they will get media attention (thanks Register) and hopefully get picked up by major media in the states. This is especially possible if there is a nice long stream of indignation from folks on Slashdot (including mine). That said, what a great stunt, and for what a great cause. Someone at RedHat is smart enough to be motivated not by legal paranoia (however recently justified) but by political savvy.

But whois thefreeworld.net? (4, Interesting)

ianweeks (254559) | about 12 years ago | (#4460935)

Registrant:
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
Created on: 07-AUG-01
Expires on: 07-AUG-06
Last Updated on: 07-AUG-01

Administrative Contact:
van Riel, Rik
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
+55 41 360 2600

Re:But whois thefreeworld.net? (-1, Flamebait)

Anonymous Coward | about 12 years ago | (#4460965)

What exactly is the point of posting whois information? What difference does it make who runs the website. You probably didn't even read the register story or the changelog. So why the fuck even waste our bandwidth posting things we don't need to know.

Slashdot Editors please read this (0, Offtopic)

Anonymous Coward | about 12 years ago | (#4460946)

I ask a simple request. I want it so when you click a linked story in slashdot it puts a cookie on your hard drive. After that you are allowed to post a comment in the accompanying thread. That would hopefully cut down on all the fuckin idiots who insist on refusing to read a story and post their idiotic opinions without even having a glimmer of an idea what the story is about.

DMCA == Bible? (-1, Offtopic)

Anonymous Coward | about 12 years ago | (#4460952)

If you think about it, the DMCA has some similarities to the so-called "holy" Bible. The purpose of both is to oppress you into obedience. The Bible has had pretty good success (over a billion people), whereas the DMCA just irritates people. Then again, if we stop believing in the DMCA we're all going straight to Palladium.

P.S. If Jesus comes around, somebody steal his wallet. I bet his driver's license picture is hilarious!

paradoxes (5, Funny)

kipple (244681) | about 12 years ago | (#4460962)

1. I wonder if any lawyer can make a lawsuit out of this. If they do, they must have read "The Thing", and thus can be jailed. Why a lawsuit? I don't know, but lawsuits in the US seem to be the only way to say something or prove it.
2. I'm sure RedHat folks will be called terrorists. After all, the "Red" in the Hat (and the fact that they are Kernel HACKERS) says it all...

smile, it's fun :)

I know what it is about... (2, Funny)

RedWolves2 (84305) | about 12 years ago | (#4460963)

I could tell you but then I would have to kill you!

Google cache (1)

chicoy (305673) | about 12 years ago | (#4460966)

Next thing you know, Google will get banned because of its cache =)

Hi! I'm Joe ... (2, Funny)

thriver (186661) | about 12 years ago | (#4460978)

... and I live in a free country ... NOT!

Canada (0)

Anonymous Coward | about 12 years ago | (#4460983)

Canada will soon come and take over USA, no worries.
We'll just hide all of our domination plans behind the DMCA. "Umm... Sorry, USA. We can't show you these... They could be used, to exploit security holes, by Americans. *snicker snicker*"

New Kernel patch? (5, Insightful)

Nighttime (231023) | about 12 years ago | (#4460989)

That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DMCA restrictions?

Patch explanation! (2, Informative)

Anonymous Coward | about 12 years ago | (#4460998)

The thefreeworld.net lawyer has informed us that we need a warning! So... if you are under the U.S. jurisdiction or find this explanation offensive, please don't read it. Thank you!


Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits.

The 2.4.18-5 kernel introduced some safety checks in the VM subsystem that were triggered when exiting an X session while using 3D acceleration with the Intel i810/i815 chipset. Additionally, there was a difficult to trigger race in the dcache of the file system subsystem.

This kernel update addresses both of these issues.

In addition, there are fixes for potential security holes in the following drivers:

stradis
rio500
se401
usbvideo
apm

Finally, this kernel fixes a few files in the /proc file system which had the capability to expose kernel memory when abused.

All of the security issues were found during an audit and none of them, at the time of this writing, have any known exploits.

We would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen, Solar Designer, and others for their auditing work.
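
The 2.4.19 notes quoted earlier in the thread name two bug classes without showing them: signed values that fool a bounds check, and a maths overflow in a size calculation. The user-space C sketch below is an added illustration of those two patterns beside their hardened forms; it is not code from the kernel, the drivers or the patch, and every name in it (TABLE_LEN, check_index_*, frame_bytes_*) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16 /* constructed size of a hypothetical per-device table */

/* Before: a signed index is only tested against the upper bound, so a
 * negative value passes. Returns 1 when the index would be accepted. */
int check_index_weak(int idx)
{
    return idx < TABLE_LEN;
}

/* After: the lower bound is tested as well. */
int check_index_strict(int idx)
{
    return idx >= 0 && idx < TABLE_LEN;
}

/* Before: the 32-bit product wraps silently, so huge dimensions can yield a
 * small (even zero) byte count that later sizes a buffer. */
uint32_t frame_bytes_weak(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* After: each multiplication is checked before it is done and the result is
 * capped. Returns 0 and stores the size in *out, or -1 on rejection. */
int frame_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        uint32_t limit, uint32_t *out)
{
    uint32_t pixels;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > UINT32_MAX / height)
        return -1;
    pixels = width * height;
    if (pixels > UINT32_MAX / bpp)
        return -1;
    if (pixels * bpp > limit)
        return -1;
    *out = pixels * bpp;
    return 0;
}

int main(void)
{
    uint32_t n = 0;

    printf("idx -1: weak=%d strict=%d\n", check_index_weak(-1), check_index_strict(-1));
    printf("65536x65536x1: weak=%u checked=%d\n",
           (unsigned)frame_bytes_weak(65536u, 65536u, 1u),
           frame_bytes_checked(65536u, 65536u, 1u, 1u << 20, &n));
    return 0;
}
```

The weak functions only report what they would accept or compute; nothing in the sketch indexes or allocates with an unchecked value.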