New RedHat Kernel Patch Illegal to Explain to U.S. Users
Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."
Land of the free... (Score:5, Funny)
I'd comment, but (Score:5, Funny)
Repeat after me:
I will NOT vote for anyone that voted for DMCA.
for those without the minerals to read on (Score:5, Informative)
Re:I'd comment, but (Score:5, Insightful)
Re:I'd comment, but (Score:5, Informative)
The Reg had a neat explanation of this, a lot of people outside the US don't want to get arrested if they set foot on US soil because they published something on a web site hosted in another country that violates the DMCA.
Re:I'd comment, but (Score:5, Interesting)
The DMCA made it illegal to discuss techniques that allowed users to bypass digital security, and because of the broad wording of the bill, it may be illegal to discuss such vulnerabilities at all. In this case, it is not because the author in question says you can't read the description of the problem; the DMCA says that he can't tell you what the problem is because you might then use that information to bypass security restrictions.
Re:I'd comment, but (Score:4, Informative)
For those of you who are under US jurisdiction:
Re:I'd comment, but (Score:5, Funny)
Awww! But I really had my heart set on voting for Hillary Rosen again this...um... wait a minute...
Need a Website (Score:5, Interesting)
atto
Re:Need a Website (Score:5, Informative)
Not only very little debate... (Score:5, Informative)
Digital Copyright [amazon.com]
-c
obligatory karma whoring (Score:5, Informative)
Re:HR 2281 (otherwise known as DMCA) details... (Score:4, Interesting)
I found the dates that the DMCA was introduced and what not, and near the bottom it mentions that there was a voice vote. Now if this is the actual vote by the Senate on the bill or not, it's hard to say, as I don't understand it much, but I did not see any other links or anything that described a roll call, or any sort of formal vote.
Here [loc.gov] is where I was looking at.
Re:Need a Website (Score:3, Informative)
1) spoil your vote
2) vote for someone other than the incumbent
3) don't even show up to vote
Re:Need a Website (Score:4, Funny)
Senate by Unanimous Consent , House by Voice (Score:5, Informative)
passed Senate by Unanimous Consent
(similar to voice vote in House)
passed House by Voice Vote
Re:Need a Website (Score:5, Informative)
Click on "Voting Records" ->State -> Your Senator -> Telecommunications 1998 -> "DMCA Passage"
The vote was unanimous, though
Re:Need a Website (Score:5, Funny)
and need to be changed often for the same reason.
Re:Need a Website (Score:5, Insightful)
Go figure. :)
So what this means is... (Score:5, Insightful)
I don't quite get it but heh... I'm in the USA
Re:So what this means is... (Score:5, Insightful)
"Thanks to the legislation you helped pass, I can't protect myself against Hackers".
OTOH, that site includes China in the "Free People" of the world, which seems a little disingenuous given the Great Firewall of China.
Re:So what this means is... (Score:5, Informative)
OTOH, that site includes China in the "Free People" of the world, which seems a little disingenuous given the Great Firewall of China.
The difference is essential. If I, in Europe, post something on a website that China doesn't like, they can block my site. If China wants to do that, that's their business.
If the US thinks the info is illegal under one of their laws (that I don't know, and shouldn't need to know), they will file a law suit, possibly be able to put enough pressure on my government to get me extradited, and ruin my life pretty much regardless of whether I win or lose.
Sound familiar? (Score:3, Insightful)
Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners"? Not so far off...
Re:Sound familiar? (Score:5, Insightful)
Considering that they are being held with no reason, trial or lawyer present, the fact that nothing has been proven then unfortunantly this statement is terribly inaccurate (like my spelling) Simply becuase they are not given POW status means that they are being held for no reason other than paranoia. It woiuld be like putting you in a lock up for 2 years in case you had something to do with drinking and looking at a car.
Remember you are supposidly a free country with 'apparent' freedom of speech, religion or beleif, becuase it is suddenly a bad thing to be against 'mainstream America' those rights are consistanly forgotten.
Akira
Re:Sound familiar? (Score:5, Interesting)
Among the prisoners being held in Guantanamo are a dozen Kuwaitis. While some are likely to be bad guys, at least five appear to be there by mistake [ninemsn.com.au], apparently humanitarian workers trying to help with the Afghan refugee problem who got swept up in the dragnet.
Now it's possible that they aren't telling the truth, but they are just sitting there rotting with no chance to make a case, not even to a military tribunal. The scariest quote in the article I link to above is
There are supposed to be two categories of people that can be captured in war: a POW, or an illegal combatant. The former is entitled to the protections of the Geneva Convention, and the latter, as an accused criminal, is entitled to the rights of an accused criminal. Instead, a third category has been invented, or rather, copied from the South American generals of the 1970s: suspected "enemies of the state" who simply disappear.
Re:Sound familiar? (Score:4, Insightful)
Indeed it is.
What is your point again?
Your point was that no absurd things ever happened in the USA and never, never will, right?
Re:Sound familiar? (Score:4, Insightful)
Pardon me, but how the fuck would you know? Even lawyers representing these people can't get the government to tell them why they're being held. And many of them aren't even being acknowledged for "national security" reasons. If the military shot a few dozen, who would ever know?
Keep your nationalist fervor to yourself; this is a thinking man's board.
Re:Sound familiar? (Score:5, Informative)
As for "one of the FEW nations that follows the Laws of War and Peace", I'd like to point out that the US has demanded (and unfortunately, gotten) concessions that no US military personnel can be tried for war crimes on UN missions. This effectively gives US soldiers carte blanche to rape, pillage and burn in a manner that would make the atrocities in the Balkans seem like a Sunday School picnic with no chance of war crimes charges ever being laid. They may get some kind of court martial or charges laid in the US court or they may not. There would be no recourse for an aggrieved party in the International Courts.
The more I hear about the US in recent times, the more I despair about a nation that claims to be the home of Democracy. I have my own rant [riddoch.org] about another such incident, which you're free to read.
Re:Sound familiar? (Score:4, Insightful)
Actually, US soldiers have a fairly good reputation in this area. Most of the GIs behave more or less as they would at home.
Some years ago I met an old Chinese soldier who took me into his house, fed me dinner, and gave me gifts, all because I was American. He told me that American soldiers were the best disciplined and most reliable in the world. They followed orders even when no-one was looking! That, apparently, was as un-Chinese as you could get. Thirty years after observing this, he was still astonished.
Of course, this old fellow was comparing regular army soldiers to Chinese bandits (the KMT and the competition had common origins in organized crime). We shouldn't forget about the times that US soldiers have done wrong; My Lai [military.com] is probably the most famous, and our soldiers have embarrassed us on Guam several times recently. This kind of thing makes the news because it isn't normal, and the US military has been very determined about dealing harshly with the evildoers it finds in its ranks. If the Army sends you overseas and you rape a local girl, you're going to wish you had brought her home and done it where the US civilian courts could punish you.
So, you want us to send our soldiers as mercenaries to wipe your behind for you, and then you expect us to turn our soldiers over to whatever butcher is running the world court this year? We are not amused. Don't forget, the UN is filled with nations that want to destroy us (and you, too, if you're in Europe).
You aren't despairing about us, then. Greece was the birthplace of democracy, but democracy is unstable, and never lasts long anywhere. The US has always been a republic. Insofar as we can avoid democracy, we have a chance to keep our freedoms.
Our State Department would do nothing of consequence. If it became a common practice to treat Americans thus in some country, the government would advise us not to travel there. If a US citizen abroad gets involved in a revolutionary group, or some sort of criminal activity, the US government generally turns its back on him. They didn't even take any effective action to deal with Iran during the hostage mess when Carter was president, and those guys were government employees!
Re:Sound familiar? (Score:4, Insightful)
So then we have nothing to fear from an international court.
If the Army sends you overseas and you rape a local girl, you're going to wish you had brought her home and done it where the US civilian courts could punish you.
There's something about a court run by the army trying the army itself that doesn't sit quite right. Think about it from an outsider perspective. Wars play out internationally, so an international body is required when someone commits a war crime.
There's this little problem called a Constitution (Score:4, Insightful)
Well, you see, the US has this document called a "Constitution", which spells out the powers and limits of the government. This document says that US citizens and other "persons" under US jurisdiction have "Rights" which the government may not violate. And several of those "Rights" are to various bits of legal "due process" under courts which in turn are operated by the US and/or its component States, again under the Constitution's limits.
Now if the US orders some of these persons to participate in a UN military action against, say, some petty tyrant, the petty tyrant strikes back by accusing these persons of war crimes, and these persons are brought before a court outside of US jurisdiction, these "due process" "Rights" are violated.
So the US Executive Branch is left with three options:
1) Get the international law repealed or get an exemption.
2) Don't send US personnel on UN actions.
3) Exceed their constitutional powers, infringing persons' constitutional "Rights" in the process.
It doesn't matter whether the foreign court is a kangaroo court or the fairest in the world. And treaties don't amend the Constitution. (That's a common misreading of a constitutional provision that actually places them at the same level as federal law, state law, and state Constitutions - subordinate to the US Constitution.)
Now option 3 should be right out. The US Supreme Court has already said that such acts have no power in law, while the Congress has passed laws that make officials personally liable if they violate constitutional Rights under color of law.
For starters, the first time a US "person" was actually accused of a war crime he'd fight it in US court, precipitating a constitutional crisis and a major international incident. And he'd probably win, bringing us to the same situation but with major egg-on-the-face and with the person effectively stuck in the US forever lest he be grabbed and hauled before the court anyhow. It might happen sooner - like the first time US troops are ordered on a UN mission and some of 'em don't want to go fight, or to fight on that side. (Remember the guy who didn't want to wear a non-US uniform?) Just the risk of that does major damage to military effectiveness.
It's nice to see a US executive-branch official actually PAYING ATTENTION to issue 3)- or at least the likely fallout of ignoring it, or voicing it when it yields a politically-convenient conclusion. Congress seems to ignore it totally (witness the DMCA) and the executive branch ignores it all too often (as a previous President did when he pushed for this international court in the first place).
We in the US tend to be a bit picky about our Constitutional limits on government. You see, we don't have Kings, Nobles, and thousands of years of traditional limits on what they can and can't do. So the Constitution is the ONLY thing standing between our current governmental system and tyranny or civil war.
Re:Sound familiar? (Score:5, Insightful)
Somehow I seem to have missed a Declaration of War by the U.S. Congress. Therefore the U.S. can not hold someone as an enemy combatant under the laws of war, because the U.S. is officially not at war.
Since according to international treaties and the U.S. Constitution the U.S. government has no other way to hold someone prisoner without a specific accusation of a crime, the U.S. is violating fundamental human rights at the moment.
Therefore the people imprisoned at Guantanamo Bay are imprisoned illegally, all according to international human rights treaties, the Geneva Conventions and the U.S. Constitution.
Mart
Re:Sound familiar? (Score:5, Insightful)
Yet still the U.S. did not react with a reciprocal Declaration of War. Therefore under international law the U.S. is not at war.
Any unilateral actions by the U.S. President are just that, unilateral actions not sanctioned by international laws and treaties. That is why the U.S. is resented by the world at large.
My conclusions are only false if you want to use the viewpoints of the current U.S. administration as canon. The same administration that has declared unilateralism as its policy from the election campaign on forward.
Let's recap:
So, notwithstanding the power of the President to deploy troops, the U.S. is not at war, and therefore the defense that normal criminal proceedings are not necessary against anyone the Administration designates an enemy combatant is bogus. Anyone trying to defend that policy knows nothing of international law and is defending an unacceptable breach of human rights.
As an aside, I have nothing to do with Berkeley (sic), as I am not an American. Your ad hominem attacks serve no purpose except to show you as a jingoistic troll.
Wake up and smell the coffee: your own administration has declared that unilateralism is to be the foreign policy. In common English: "Screw the world and what it thinks, screw international law and the treaties we signed, we do whatever we damn well please."
Mart
Re:Sound familiar? (Score:4, Insightful)
Suppose the USA goes to war with Iraq. Suppose americans are taken prisoner on their way to Iraq, and imprisoned somewhere in the middle east, without any legal representation, or hope of release.
1) Will it be OK if the international Red Crescent (yes there is such a thing - it's a muslim organisation) says they're being treated OK ?
2) Is it OK if those americans have no rights under the Iraqi system, as they are housed on foreign soil, and have never touched its shores ?
3) Is it OK if Iraqi troops are exempt from war crimes during the US/Iraqi war, because they're trying to defend their country against a foreign aggressor ? After all, Saddam Hussein takes it very seriously when his soldiers don't follow his rules.
Breaking the Geneva Conventions (Score:5, Insightful)
If they were POWs then they should have been returned home by now, since the war against the Taleban is ended. If they are not POWs then they are entitled to due process of law. Neither of these is being done in the "Land of the Free".
Oh no... (Score:5, Informative)
-- LEGALESE --
PLEASE READ FIRST.
Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependencies, embassies and anywhere else
under US law.
Redistributing this document in the USA may be a criminal offence under the
Digital Millennium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.
This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.
There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.
NO WARRANTY
BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
-- END LEGALESE --
Security Holes Fixed In Linux 2.4.19
None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.
- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory
- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present
- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present
- The
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption
- By setting the TF flag a carefully constructed binary could hang
the kernel dead
- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit
- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur
- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)
- The rt_cache_proc file could be tricked into returning chunks of
kernel data.
- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.
- Multiple
due to a sanity checking bug in the proc file handlers
- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another task's registers there is a small risk
because some cryptographic systems have XMM acceleration functions
We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.
Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in
affected as it lacks PnPBIOS support
Credits
The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.
-- Additional Required Patch --
diff -u --new-file --recursive --exclude-from
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;
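Review bot: The new "else goto trap_signal;" branch in do_trap changes where a trap taken with VM_MASK set and vm86 == 0 ends up, and nothing in the code says why. Before this change that case fell through to the "if (!(regs->xcs & 3))" test; now it bypasses it. A short comment above the new block would help, stating that in virtual-8086 mode the low bits of xcs are part of a real-mode segment value and not a privilege level, so the kernel_trap test must not be reached. The trap_signal label is not visible in this hunk, so it is worth confirming it exists in the -ac tree this applies to and in the plain 2.4.19 tree the advisory says needs the fix. Style: the nested if/else inside the new braces would read more safely with its own braces.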
@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;
__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));
+
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])
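Review bot: The added early exit "if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK)) goto clear_TF;" carries no comment saying which case it handles, and it runs before the "condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)" test, so any breakpoint bits just read from db6 are ignored on that path. Please add a comment saying that a single-step trap whose eip lies at or above PAGE_OFFSET is treated as a user-set TF flag carried into the kernel and is simply cleared (this looks like the TF-flag hang listed in the advisory), and confirm that skipping the debug-register handling in that case is intended. Smaller points: "eip >=PAGE_OFFSET" is missing a space after the operator, and the new local eip is read only once, so regs->eip could be tested directly. The hunk is cut off after "if (!tsk->thread.debugreg[7])", so the rest of the change cannot be reviewed from what is shown here.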
Re:Oh no... (Score:5, Funny)
Thanks, I now understand why we in the US should never have access to this sort of information.
I was expecting the secret hideout of Dick Cheney
Re:Oh no... (Score:5, Funny)
Ok then, can someone explain (Score:5, Insightful)
Quick word of commentary, it wouldn't surprise me at all if this were true by the letter of the law. This is exactly why we have been complaining for so long, because the law is overly broad, and restricts things that it obviously shouldn't. On the other hand, I didn't think it was so broad as to cover all security documentation.
Re:Oh no... (Score:5, Funny)
FUCK
^C^C^Z^Z@#@#SD....
Re:Oh no... (Score:5, Funny)
-Sean
Re:Oh no... (Score:5, Funny)
Re:Oh no... (Score:5, Funny)
Re:This is just FUD. (Score:5, Insightful)
There is no way a kernel patch can violate the DMCA for the simple fact that the Linux kernel doesn't enforce any type of copy protection.
Doing it like this is just prudent. Why should someone from Europe have to know all the details of US law, weigh the chances of it being a violation, when non-US people have already gone to jail over it and there's the option of not distributing it to Americans in the first place?
Re:This is just FUD. (Score:5, Informative)
Thus, it gives you information you can use to break into these systems, bypassing their "rights management". More info in the thread from last year here [slashdot.org].
Re:This is just FUD. (Score:5, Insightful)
Please mod up the parent.
YES YES YES (Score:5, Informative)
YES, IT DOES -- PERIOD
Assuming you have a file named "copyrighted_file", which contains copyrighted text, the following command:
$ chmod 600 copyrighted_file.txt
will "effectively" prevent access to it by the system - this is all that's required under the DMCA to qualify as a "technological measure", as per section 1201-3:
(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
In layspeak: if something stops you from looking at something without someone's permission, then it 'effectively controls access'.
This is the main purpose of the +r bit in file permissions.
Re:This is just FUD. No, necessary evil. (Score:5, Interesting)
Don't you know how the U.S. legal system works? Let me explain:
If I spank my kid in public, the DA (District Attorney) will go back to my H.S. classmates and former employers and show that I generally disrespect authority, maybe was a bully, have a short temper, and that the incident was the latest in a string of inhumane behavior and child abuse that dates back at least 10 years.
My defense attorney will argue that I was never disciplined for any such actions, never in a fight that is on record, and never visited by the local Social Worker (Except for our first child, which came before we were married - and is std procedure). I currently am active in my children's lives, have defied 'conventional wisdom' by marrying my 'HS sweetheart', having a kid before we were married, and staying married 8 years and having 2 more kids. S/He would also pull in a shrink to counter any past 'anger' issues due to the fact that my mom wasn't "all there".
All for what really was a spanking. (No, this didn't happen to me, but WI has tried to jail teen fathers - who try to do the right thing and be a father - for rape. So it's not impossible.)
The DMCA exists because lawmakers were convinced that the economy was going to fall because of piracy and free-flowing information. The only way to combat this in the U.S. is NOT by being rational - it's by meeting and exceeding the original irrational ideas, in an opposite way, that brought this beast into existence in the first place.
Re:This is just FUD. (Score:5, Insightful)
The DMCA makes it illegal to publish any sort of information that provides data relating to any sort of bug that could be potentially exploited. This was, IMHO, added to prevent people from writing applications that would allow individuals to circumvent applications that were protecting copyrighted materials, but it's all in the wording.
What we need is a recursive DMCA (Score:5, Funny)
Re:What we need is a recursive DMCA (Score:4, Funny)
I have a bad feeling (Score:5, Funny)
China Here we come (Score:3, Funny)
Atto
You have the right to remain silent. (Score:4, Insightful)
Land of the free ride to jail.
What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.
Re:You have the right to remain silent. (Score:5, Insightful)
No, copyright holders DO have this right. They've legally purchased this right from Congress. If you want some rights, you need to pay Congress for them too. What did you think, that this was a country by the people, of the people, and for the people?
An Idea (Score:5, Interesting)
Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)
Just my $.02
Re:An Idea (Score:3, Funny)
Re:An Idea (Score:5, Funny)
Re:An Idea (Score:4, Informative)
Probably not, but if YOU were to do this, you would be in violation of the DMCA. The main point of the DMCA is to protect companies from you and me revealing that security-related products are shoddy.
I recently got involved in a specific discussion where this might apply. Some people discovered that they could get the text out of most MS Word docs using the unix "strings" command. The format isn't pretty, but the text is there. The problem is that you also get "deleted" text that Word has just marked deleted but hasn't erased. This text can be from other docs that the sender's copy of Word has processed. This could be a very serious security leak in some cases.
This could be fixed in a unix mail reader, if the programmers could get enough info about the Word format to identify the deleted text and skip over it. This would presumably be legal. But if you were to describe the security issue when releasing the patch, you would be guilty of publicising a security flaw in MS software, and would thus be in violation of the DMCA.
So far, the decision seems to be to keep quiet about this, and just treat it as Someone Else's Problem.
There is the outstanding question of whether we unix/linux geeks are committing a serious crime if we warn Word users about this security issue. In particular, what sort of danger am I in by mentioning it here?
Maybe I should submit this as an Anonymous Coward? Nah
what if (Score:3, Insightful)
Doesn't seem too unlikely considering the chaps at the top
What this means... (Score:4, Interesting)
Someone outside the US found a security flaw that allows exploitation of the system.
Explaining how to circumvent security is against the DMCA.
Red Hat supplies a patch, but they cannot tell you exactly what it fixes, because that would be explaining how to circumvent security.
Ah the horrors of humanity!
DMCA is a success (Score:5, Interesting)
The media corporation must be really happy to see this.
I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would its description be illegal?
I believe that these guys try the wrong way to persuade others that the DMCA is bad.
Re:DMCA is a success (Score:4, Insightful)
Describing what you patched, though, would entail describing the security holes on an unpatched system. Ding! Go to Jail...
Re:DMCA is a success (Score:5, Insightful)
I leave aside what this implies for the DMCA though
Greetings,
Re:DMCA is a success (Score:4, Insightful)
I believe that these guys try the wrong way to persuade others that the DMCA is bad.
What? This is one of the most effective anti-DMCA bits, uh, ever. "You, over there. In the US. You can't read this. Shoo." Telling people 'no' is a sure way to invoke their interest.
How absurd! (Score:5, Funny)
What about kernel source? (Score:4, Interesting)
But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Let's say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?
I fucking hate the DMCA... what a stupid piece of shit. It impedes free speech, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.
Re:What about kernel source? (Score:3, Funny)
kernel advisory here
*/
There. It's code.
Clever tactic (Score:5, Insightful)
the best part is (Score:5, Insightful)
But whois thefreeworld.net? (Score:4, Interesting)
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
Created on: 07-AUG-01
Expires on: 07-AUG-06
Last Updated on: 07-AUG-01
Administrative Contact:
van Riel, Rik
Linux MM, c/o Conectiva Inc.
R. Tocantins 89
Cristo Rei
80050430, Curitiba PR
BR
+55 41 360 2600
paradoxes (Score:5, Funny)
2. I'm sure RedHat folks will be called terrorists. After all, the "Red" in the Hat (and the fact that they are Kernel HACKERS) says it all...
smile, it's fun
New Kernel patch? (Score:5, Insightful)
RH Reasoning (Score:5, Informative)
The document has been copyrighted, and the authors have chosen to restrict its distribution, and to use Thefreeworld.net licence as the mechanism for doing so. Note that it is the copyright, rather than fear of the DMCA, that has forced Red Hat to join in.
RH is only doing this to protect the authors who for whatever reason chose to copyright the document. Possibly the wish to make a point as well concerning the idiocy of the DMCA.
What if... (Score:5, Funny)
You know, this could be used to "frame" someone;
Print it out (don't look at it!), then, when your victim least expects it - pull it up and say "read"!
Go to the nearest police station and say that you captured a "terrorist".
Lucky me, I live in sweeeeeden..
The gist... (Score:3, Interesting)
The gist of this security patch is to fix driver vulnerabilities. It fixes several of them, not one of them is exploitable by a remote user. They all require the hardware in question to be connected to exploit the driver vulnerability, and they all involve allowing people to write to kernel memory space. In other words... they could be used to nuke a linux box by a local user (why not just 3-finger salute, I know not), but the moment you reboot the problem is fixed anyway.
Missing the point? (Score:5, Interesting)
Q. Which kernel hacker does Red Hat employ, outside of the US?
A. Alan Cox.
Q. Why won't Alan Cox visit the US because "the chances of his arrest are non-zero"?
A. Use of the DMCA to indict Sklyarov.
It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.
The words "hoist", "own" and "petard" spring to mind. ;)
Status Quo... (Score:5, Funny)
prOn sites: The button that says I am under 18 get me outta here! Who would ever click this button???
Micro$oft Eula:
and now we have...
Redhat: Don't click on the button if you are not a U.S Citi.... Click!
Coming to Europe too (Score:5, Informative)
In case you don't know it, we will be getting something similar to the DMCA in Europe soon :(
You can read more here [eurorights.org].
so why have linux companies in the US ? (Score:4, Funny)
let's base debian in antarctica...
It is the *license* of the patch . . . (Score:3, Interesting)
*Redhat* is not the refuser here, they are simply bound by the terms of the author's *license.*
Now, let's do a little deductive work here while we're about it, shall we?
This isn't a "Linux" patch, it's a "Redhat" patch. And what *Redhat* kernel developer has already shown a propensity for making socio-political statements with the license terms of his kernel patches regarding the DMCA?
Anyone care to go waaaaaaaaaay out on a limb and "guess" just who might have had a hand in this?
I'll give you three guesses, but if you don't get it in one you haven't been paying attention.
KFG
Let's see... (Score:5, Funny)
2012: New RedHat Kernel Illegal to Explain to U.S. Users
2022: Engineering Illegal to Explain to U.S. Users
I downloaded EVERYTHING (Score:4, Funny)
I LIVE IN THE US: Salt Lake City, Utah. Come get me. Muwahahaha!
Then almost all security notices violate the DMCA (Score:5, Insightful)
The reasoning, apparently, is that by documenting the security weaknesses that were fixed, they reveal ways to hack unpatched versions of the kernel. And that would be circumvention, and hence violations of the DMCA. All of the holes were found in code audits, and there are no known exploits, so this announcement documents these problems for the first time. (Maybe it's less of an issue if you announce fixes to holes that someone else already found.)
But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.
I dunno, it certainly would be crazy if the DMCA really has that implication, but are Cox and Co. certain that the law really means that? I'll bet there is no case law suggesting such a thing -- and after all, it's the courts' interpretations that really matter in the end. Has any legal scholar ever suggested that the DMCA can be interpreted this way?
I certainly don't like the DMCA, and I think it's unconstitutional (First Amendment, you know), but I wonder if this stunt will backfire. If it turns out that they're making a big deal out of something that the DMCA doesn't actually forbid, then opponents of the law will end up looking a bit hysterical.
DMCA does not forbid reading/posting by definition (Score:5, Interesting)
D.M.C.A song (Score:4, Funny)
I said, young man, throw yourself on the ground
I said, young man, 'cause you're in a new town
There's a need to be unhappy
Young man, there's a place you can go
I said, young man, when you're short on your rights
You can stay there, and I'm sure you will find
Many ways to have a good time.
It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the D.M.C.A.
They have everything For old men to enjoy.
They can hang out with all you boys.
It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the D.M.C.A.
You can't get yourself clean
You can't have a good meal (because it likely contains DNA that created a plant that fuels you so you can talk... and say anything... and that's information that they don't want you to share)
They can do whatever they feel.
Cong' man, Are you listening to me
I said, cong' man, what do you want to be
I said, cong' man, you can make go away your rights,
all you've got to do is this one thing.
No man, does it all by himself
I said, every man, put your life on the shelf
And just break that, it's the D.M.C.A.
I'm sure you can break that today
It's fun to stay at the J.A.I.L.
It's fun to stay 'cause the Y.M.C.A.
You have everything for old men to enjoy.
They can hang out with all you boys.
Cong' Man, I once filled your shoes,
I said, I'm not down with the you's
I felt, no man cared if I were alive
I felt the whole world was so jive
That's when someone came up to me
and said young man take a walk up 1600 pen 'reet
There's a thing there called the D.M.C.A.
They can start your ass on its way.
D.M.C.A.
just go to the J.A.I.L.
Cong' Man, Cong' Man, I once filled your shoes,
Cong' Man, Cong' Man, Now it's out with all yous
D.M.C.A.
D.M.C.A.
D.M.C.A.
D.M.C.A.
Knowledge is Criminal? (Score:4, Insightful)
The mere thought that knowledge is criminal is patently absurd. This nonsense is further proof that US corporations prefer the American public as dumb as possible.
A preferably dumb American consumer is simply fuel for the machine. Don't ask, just pay us and thank us for providing you with [insert good or service here].
Hopefully someone within the Supreme Court will see that the rights of free speech trump this ridiculous law.
Security holes have NOTHING to do with the DMCA !! (Score:5, Insightful)
Someone correct me if I'm wrong (I'm not a lawyer though I have studied the DMCA and lawsuits based on it carefully), but the DMCA absolutely does not ban security information. The only related things that it addresses are circumvention (of protection technology in order to access a copyrighted work) and trafficking in circumvention devices. Security information (especially in the form of a vague changelog) is absolutely not either of those. By no stretch of the imagination can I figure out how it's supposed to be a violation of the DMCA.
What's really going on here? Someone (Alan Cox) is trying to make a point about the control that the DMCA gives to copyright holders. He's placed a piece of his copyrighted information that some people want (text of the kernel changelog) behind a click-through license that says you can't access it if you're from the USA. In my opinion this has fuck-all to do with the DMCA (because there is no "technological measure" to circumvent -- please read the definition of technological measure in the DMCA if you disagree with me), just click-through licenses, but, whatever. Then Red Hat decides, well, we can't copy that information because the copyright holder has told us we can't. Assuming that such click-through licenses are legal in the first place, of course, RH would be entirely within its rights for a non-US-citizen to license the document and then summarize it for Red Hat. Either they are too lazy for this, don't understand the issues involved, or are perpetuating this same bizarre notion that the DMCA makes every single thing you'd want to do illegal.
The DMCA only has to do with copyright, and only as far as circumventing technological measures that protect copyrighted material. The court enjoined DeCSS because it found it to be a circumvention device (they did NOT enjoin English descriptions of the algorithm, and especially not security notices about CSS being weak!). I don't agree with the decision, but at least it makes sense in terms of the law. (I also don't agree with the law!!)
The important point I'm trying to make is that to fight dumb laws like the DMCA, we need to understand what they really say and what the actual implications are. There's a tendency for hackers to use logical deduction ("If DeCSS is illegal because it can be used to break DVDs, then hammers must be illegal because they can be used to smash open store windows!") in order to decide the implications of a law. THIS IS NOT HOW COURTS WORK! Law is much more squishy than that. Making these sorts of alarmist claims, as if the DMCA outlaws everything that we'd ever want to do, hurts our cause by spreading misinformation. Instead, we should be educating people about what the DMCA actually addresses (ie, "Did you know it would be illegal for you to create MP3s from SACDs that you bought?" or "Did you know that it's illegal to buy mod chips for your Playstation so that you can play imported games that you also legally purchased?" or "Did you know that it's illegal to use your screen-reader software with the eBook that you legally bought?"). That's how we can convince people that the law is wrong.
Re:One day... (Score:4, Insightful)
Re:One day... (Score:5, Insightful)
(signed) All American Citizens
In a democracy, you are responsible for the actions of those you elect.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!
Re:It happened with full support of the REPUBLICAN (Score:3, Interesting)
I must be in a different US than you, from my vantage point, there's no practical difference between Republicans and Democrats, only a difference in their rhetoric.
It's like this:
I walk up to you on the street and make you an offer. I'll give you a choice, do you want me to stab you in the right eye with a pencil, or the left eye. Make your choice, it's a free country! You too can make a difference!
Re:Use the source? (Score:5, Insightful)
Still, as a principle, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.
Re:Use the source? (Score:5, Funny)
I agree. The DMCA should be updated to disallow any patching of security holes whatsoever.
It doesn't matter if the law will totally discourage effective security measures by outlawing any discussion or implementation of flaws or improvements. As long as we have the DMCA to protect us, any attempted security measure is good enough even if it's just some text on a screen that says "don't look here under penalty of the DMCA". Of course we'll need to gouge out your eyes as potential copyright circumvention devices, but that's a small price to pay to guarantee our security, our safety, and our liberty.
Re:Hysterical rubbish (Score:4, Funny)
Earth to 91degrees. Come in 91degrees. The only logic your US politicians use is ludicrously tortured. Earth out.
Re:Hysterical rubbish (Score:4, Insightful)
They are posting information about ways to break the security of Linux. That sounds an awful lot like a DMCA violation under the same parts that were used to threaten Professor Felten, and indict Sklyarov. The only difference is that Linux is not an asset of the entertainment industries....
Re:Hysterical rubbish (Score:4, Insightful)
So, is your point that there is only one stupid/bent judge in the system or that there is no one who would have a vested interest in having RedHat slapped for breaking a stupid law? In either case, you're wrong.
TWW
Re:Hysterical rubbish (Score:5, Insightful)
Posting this in the US would not be a violation of the DMCA except if you used some ludicrously tortured logic.
Tell that to Sklyarov, who wrote a program that was mandatory in Russia under Russian law, and who found himself in jail in the US under the DMCA. It doesn't matter if he wins in the end, or isn't even allowed back in or whatever. He's totally innocent, has nothing to do with the US and shouldn't have been treated like that.
You can make up any BS laws you want for yourselves over there, but totally innocent people who have nothing to do with the US end up in jail because of them. I think the thefreeworld.net site is a brilliant idea.
If there's even the tiniest chance that some information posted could be illegal under some strange law of a country you have nothing to do with (and this security info certainly could be), and they're known to get (innocent, foreign, never been to the US) people jailed over this stupid law, then the prudent thing to do is post that info only on sites like this.
Unfortunately, given how few people in the US even know their own laws, it's practically impossible for people in Russia, Norway etc to be aware of all the weird quirks in US law, and they don't even know they should be aware of them. And people from those countries were still jailed for doing something perfectly legal. The US is a threat.
I'm sorry for ranting, mod me a troll or something, I can get real angry over stuff like this.
Re:Simple enough. (Score:5, Insightful)
In any event, I think RedHat is making more of a political statement here than anything else. They know that the patch documentation will be leaked, but at the same time they get to make an example of how stupid the DMCA is. I think of it more as thumbing their nose at the government and its lapdogs than actually obscuring any details.
Re:Again? (Score:5, Interesting)
Cox didn't publish details (ie - what the bug was or how to exploit it) because he believed it violated DMCA - as somewhere out there someone could be using UNIX file permissions as a "copy protection device," and the details to exploit it would be "circumventing a copy protection scheme." IIRC, Cox is not a US citizen, but he has to travel to the US a lot, and didn't want to lose that ability by publishing the exploit.
These stories (Cox's above and this current issue) are perfect examples of things to send over to that committee collecting comments on the DMCA. Here are software authors who are scared to publish vulnerability details about their own products!
Re:Again? (Score:5, Insightful)