Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Censorship Your Rights Online

New RedHat Kernel Patch Illegal to Explain to U.S. Users 981

Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."
This discussion has been archived. No new comments can be posted.

New RedHat Kernel Patch Illegal to Explain to U.S. Users

Comments Filter:
  • by loply ( 571615 ) on Wednesday October 16, 2002 @07:56AM (#4460808) Homepage
    But sound doesnt travel in the land. Nor does... electricity, radio waves, or, come to think of it anything. Jeez, what a rip.
  • by jcknox ( 456591 ) on Wednesday October 16, 2002 @07:56AM (#4460814)
    I would comment on the stuff posted on theFreeWorld.net, but after reading their disclaimer, I was afraid to continue in the site.

    Repeat after me:

    I will NOT vote for anyone that voted for DMCA.
  • by rosewood ( 99925 ) <.rosewood. .at. .chat.ru.> on Wednesday October 16, 2002 @08:00AM (#4460830) Homepage Journal
    I can take this example to my congress person and say "Thanks to legislation you helped pass, I can't even stay up to date on security issues ... thanks."

    I dont quite get it but heh... Im in the USA :P
    • by jandrese ( 485 ) <kensama@vt.edu> on Wednesday October 16, 2002 @08:53AM (#4461234) Homepage Journal
      You could even use stronger wording:

      "Thanks to the legislation you helped pass, I can't protect myself against Hackers".

      OTOH, that site includes China in the "Free People" of the world, which seems a little disingenuous given the Great Firewall of China.
      • by Scarblac ( 122480 ) <slashdot@gerlich.nl> on Wednesday October 16, 2002 @09:51AM (#4461705) Homepage

        OTOH, that site includes China in the "Free People" of the world, which seems a little disingenuous given the Great Firewall of China.

        The difference is essential. If I, in Europe, post something on a website that China doesn't like, they can block my site. If China wants to do that, that's their business.

        If the US thinks the info is illegal under one of their laws (that I don't know, and shouldn't need to know), they will file a law suit, possibly be able to put enough pressure on my government to get me extradited, and ruin my life pretty much regardless of whether I win or lose.

  • Sound familiar? (Score:3, Insightful)

    by shftleft ( 261411 ) on Wednesday October 16, 2002 @08:02AM (#4460842) Homepage
    To quote the article:

    ...just as ridiculous as the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...

    Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...
  • Oh no... (Score:5, Informative)

    by Anonymous Coward on Wednesday October 16, 2002 @08:02AM (#4460843)

    -- LEGALESE --

    PLEASE READ FIRST.

    Unfortunately the DMCA prevents this document being issued to US citizens.
    This document is a copyrighted work. The authors choose to exercise their
    first distribution rights to prohibit the distribution of this work in the
    United States Of America, its dependancies, embassies and anywhere else
    under US law.

    Redistibuting this document in the USA may be a criminal offence under the
    Digital Millenium Copyright Act with punishment including jail sentences.
    Attempting to test these holes in the USA, even with the permission of the
    system owner may be an offence. Discussing this document with a US citizen
    may be an offence.

    This document is made available for free without warranty or other right of
    recourse implied or otherwise. No statement save one in writing by the owner
    of the copyright changes this usage agreement. Any export download is at your
    own risk and liability.

    There is no other user agreement, should your local law make such an
    agreement invalid you are prohibited from using this document, and may be
    committing an offence by redistributing it.

    NO WARRANTY

    BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
    FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
    OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
    PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
    OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
    TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
    DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
    REPAIR OR CORRECTION.

    IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
    WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
    REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
    INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
    OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
    TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
    YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
    DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGES.

    -- END LEGALESE --

    Security Holes Fixed In Linux 2.4.19

    None of the holes documented here are remote. All these problems were
    uncovered by auditing and there are no current exploits available. In
    the interest of openness and ensuring people are aware of the security
    fixes they are documented.

    - If the Stradis driver is loaded (hardware must be present) a
    maths overflow allowed the user to scribble into kernel memory

    - It was possible to feed the SE401 USB hardware driver signed
    values and fool kernel checks. This requires the hardware is
    present

    - The usbvideo driver could be fooled due to a maths overflow corner
    case. This requires drivers to be present

    - The /proc/slabinfo file could exceed a buffer size and cause
    corruption of the kernel. This is really beyond user control but
    if it occurs then the user can trigger the corruption

    - By setting the TF flag a carefully constructed binary could hang
    the kernel dead

    - By misusing the rlimit resource limits it was possible to avoid
    acct data being written on your process exit

    - The joystick driver had erroneous copies in obscure ioctl cases
    that could be used to patch the kernel as any user. Hardware
    must be present and the module loaded for this vulnerability
    to occur

    - Multiple errors in the vm86 handling allowed users to force an
    "Oops" from the kernel and in some cases to corrupt kernel data.
    An additional small fix is needed for 2.4.19 but not 2.4.19-ac
    (see bottom)

    - The rt_cache_proc file could be tricked into returning chunks of
    kernel data.

    - On a system with over 1Gb of RAM the loop driver could in some
    cases fail and expose kernel data. This is not under user control.
    On 2.4.19 the loop driver works fine with large memory systems.

    - Multiple /proc files could be persuaded to dump kernel data
    due to a sanity checking bug in the proc file handlers

    - The XMM SSE registers were not always cleared for new processes
    and could expose data from a different task. While it was not
    possible to modify another tasks registers there is a small risk
    because some cryptographic systems have XMM acceleration functions

    We also fixed problems that required privileges to exploit. These affected
    the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
    system, the ewrk3 network driver, module loading, the microcode driver and
    vm86. We document these in the interest of completeness.

    Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
    quite common BIOS implementations that causes a crash when certain 32bit
    BIOS calls are made. This allowed users to crash some systems by reading
    files in /proc. These files are now root private. The base tree is not
    affected as it lacks PnPBIOS support

    Credits

    The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
    Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
    more secure kernel.

    -- Additional Required Patch --

    diff -u --new-file --recursive --exclude-from /usr/src/exclude linux.20pre1/arch/i386/kernel/traps.c linux.20pre1-ac1/arch/i386/kernel/traps.c
    --- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
    +++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
    @@ -305,8 +319,13 @@
    static void inline do_trap(int trapnr, int signr, char *str, int vm86,
    struct pt_regs * regs, long error_code, siginfo_t *info)
    {
    - if (vm86 && regs->eflags & VM_MASK)
    - goto vm86_trap;
    + if (regs->eflags & VM_MASK) {
    + if (vm86)
    + goto vm86_trap;
    + else
    + goto trap_signal;
    + }
    +
    if (!(regs->xcs & 3))
    goto kernel_trap;

    @@ -514,10 +533,15 @@
    {
    unsigned int condition;
    struct task_struct *tsk = current;
    + unsigned long eip = regs->eip;
    siginfo_t info;

    __asm__ __volatile__("movl %%db6,%0" : "=r" (condition));

    + /* If the user set TF, it's simplest to clear it right away. */
    + if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
    + goto clear_TF;
    + /* Mask out spurious debug traps due to lazy DR7 setting */
    if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
    if (!tsk->thread.debugreg[7])
    • Re:Oh no... (Score:5, Funny)

      by amichalo ( 132545 ) on Wednesday October 16, 2002 @08:08AM (#4460885)
      - The joystick driver had erroneous copies in obscure ioctl cases

      Thanks, I now understand why we in the US should never have access to this sort of information.

      I was expecting the secret hideout of Dick Cheney
      • Re:Oh no... (Score:5, Funny)

        by rosie_bhjp ( 40538 ) on Wednesday October 16, 2002 @10:26AM (#4461966) Homepage
        No, but Cheney's secret hideout is here [globalsecurity.org] and its perfectly legal to discuss this and enter into your favorite rendering program all the building information that you can glean from the satellite photos, make a quake mod, practice assaulting the place. However, you will go straight to hell for [reading, discussing, thinking about] faulty joystick drivers. God Bless the USA!
    • by beleg777 ( 551987 ) on Wednesday October 16, 2002 @08:45AM (#4461155)
      Ok, this looks to me to be the same as any other patch documentation. My impression is that the reasons it's illegal are the same sections and logic used to indight Skylarov. If I'm not mistaken in those two things, isn't all patch documentation illegal under the DMCA?

      Quick word of commentary, it wouldn't surprise me at all if this were true by the letter of the law. This is exactly why we have been complaining for so long, because the law is overly broad, and restricts things that it obviously shouldn't. On the other hand, I didn't think it was so broad as to cover all security documentation.
    • Re:Oh no... (Score:5, Funny)

      by McFly69 ( 603543 ) on Wednesday October 16, 2002 @08:53AM (#4461235) Homepage
      Geeee nice going. Now with this posted in the comments and anyone who reads/post the comments is liable for the above comment. Good thing I did not post anything...^C^C^Z^CsdSD#$RJ^C^C^Z

      FUCK ...STOP SUBMIT BUTTON!!!

      ^C^C^Z^Z@#@#SD....
    • Re:Oh no... (Score:5, Funny)

      by smoondog ( 85133 ) on Wednesday October 16, 2002 @09:04AM (#4461329)
      I'm a moderator, and I was going to moderate this post, but then I realized there wasn't a "-1 Illegal" option...

      -Sean
  • by Junior J. Junior III ( 192702 ) on Wednesday October 16, 2002 @08:02AM (#4460844) Homepage
    So that it will be illegal to explain to someone why it's illegal to explain to someone why it's illegal to...
  • by Anonymous Coward on Wednesday October 16, 2002 @08:04AM (#4460854)
    that somebody is gonna post the whole text of it here on slashdot and that I'm gonna see a blank DMCA WAS HERE page when I load up my homepage.
  • by attobyte ( 20206 ) on Wednesday October 16, 2002 @08:04AM (#4460858)
    Soon the US will be like China. Anyone want to make 50 cents a day to program Microsoft software? :)

    Atto
  • by Anonymous Coward on Wednesday October 16, 2002 @08:06AM (#4460870)
    Anything you say can and will be held against you in a court of law.
    Land of the free ride to jail.
    What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.
    • by Grishnakh ( 216268 ) on Wednesday October 16, 2002 @12:27PM (#4462924)
      Copyright holders do not have the right to have their business models enforced by the police.

      No, copyright holders DO have this right. They've legally purchased this right from Congress. If you want some rights, you need to pay Congress for them too. What did you think, that this was a country by the people, of the people, and for the people?
  • An Idea (Score:5, Interesting)

    by Derg ( 557233 ) <alex.nunley@gmail.com> on Wednesday October 16, 2002 @08:06AM (#4460871) Journal
    To quote the article:
    Does this mean that all of the companies issuing security advisories are breaching the DMCA?


    Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA? Could someone sue MS for releasing details that are then used to build a worm? (CodeRed comes to mind...)

    Just my $.02
    • Of course someone could. But not, under US law, without having more money than Microsoft has - if they want to win.
    • Re:An Idea (Score:5, Funny)

      by Palarran ( 323825 ) on Wednesday October 16, 2002 @08:46AM (#4461169)
      So, Microsoft's program of quickly released, well documented patches is being cancelled?
    • Re:An Idea (Score:4, Informative)

      by jc42 ( 318812 ) on Wednesday October 16, 2002 @10:31AM (#4462006) Homepage Journal
      Does this mean that when MS decides to release a "security patch" for one of its releases, and explains why this patch is necessary and how it might be exploited, that they are in breach of the DMCA?

      Probably not, but if YOU were to do this, you would be in violation of the DMCA. The main point of the DMCA is to protect companies from you and me revealing that security-related products are shoddy.

      I recently got involved in a specific discussion where this might apply. Some people discovered that they could get the text out of most MS Word docs using the unix "strings" command. The format isn't pretty, but the text is there. The problem is that you also get "deleted" text that Word has just marked deleted but hasn't erased. This text can be from other docs that the sender's copy of Word has processed. This could be a very serious security leak in some cases.

      This could be fixed in a unix mail reader, if the programmers could get enough info about the Word format to identify the deleted text and skip over it. This would presumably be legal. But if you were to describe the security issue when releasing the patch, you would be guilty of publicising a security flaw in MS software, and would thus be in violation of the DMCA.

      So far, the decision seems to be to keep quiet about this, and just treat it as Someone Else's Problem.

      There is the outstanding question of whether we unix/linux geeks are committing a serious crime if we warn Word users about this security issue. In particular, what sort of danger am I in by mentioning it here?

      Maybe I should submit this as an Anonymous Coward? Nah ...

  • what if (Score:3, Insightful)

    by tanveer1979 ( 530624 ) on Wednesday October 16, 2002 @08:06AM (#4460872) Homepage Journal
    The US gov says that all sites which can be accesed from US have to comply by its laws irrespective of its location, otherwise the country will be declared terrorist and bombed to kingdom come?

    Dosent seem too unlikely considering the chaps at the top

  • What this means... (Score:4, Interesting)

    by Rantastic ( 583764 ) on Wednesday October 16, 2002 @08:07AM (#4460874) Journal
    Seems to me that this means:

    Someone outside the US found a security flaw that allows exploitation of the sysetm.

    Explaining how to circumvent security is against the DMCA.

    Red Hat supplies a patch, but they cannot tell you exactly what it fixes, because that would be explaining how to circumvent security.

    Ah the horrors of humanity!

  • DMCA is a success (Score:5, Interesting)

    by javatips ( 66293 ) on Wednesday October 16, 2002 @08:07AM (#4460875) Homepage
    It really looks that the DMCA induce so much fear that people start to censure themself.

    The media corporation must be really happy yo see this.

    I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself. If the patch is supposed to be legal under the DMCA, why would it's description would be illegal.

    I believe that these guys try the wrong way to persuade others that the DMCA is bad.

    • by handorf ( 29768 ) on Wednesday October 16, 2002 @08:23AM (#4460991)
      No, it makes sense. Teaching people about security holes is illegal. Patching them isn't.

      Describing what you patched, though, would entail describing the security holes on an unpatched system. Ding! Go to Jail...
      • by Jorrit ( 19549 ) on Wednesday October 16, 2002 @08:52AM (#4461226) Homepage
        To me providing a patch in source form is exactly the same as providing a description. Source code is readable. People who can program in the language that the patch was made in, can understand (with a little bit of effort) what is going on there. So to me this patch is a description. It is only given in another language then plain english.

        I leave aside what this implies for the DMCA though :-)

        Greetings,
    • by shren ( 134692 ) on Wednesday October 16, 2002 @09:45AM (#4461659) Homepage Journal

      I believe that these guys try the wrong way to persuade others that the DMCA is bad.

      What? This is one of the most effective anti-DMCA bits, uh, ever. "You, over there. In the US. You can't read this. Shoo." Telling people 'no' is a sure way to invoke thier interest.

  • How absurd! (Score:5, Funny)

    by jmcwork ( 564008 ) on Wednesday October 16, 2002 @08:08AM (#4460884)
    Next we are going to find out that all US Citizens have been placed on Double Secret Probation!
  • by cr@ckwhore ( 165454 ) on Wednesday October 16, 2002 @08:11AM (#4460908) Homepage
    Ok, so Red Hat can't tell us what the patch is about... but from what I've read so far, I understand that its regarding security, and therefore, informing me about the security problem is illegal under the DMCA, because "it could be used to circumvent a digital copyright mechanism". (the computer)

    But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Lets say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?

    I fucking hate the DMCA... what a stupid piece of shit. It impedes free speach, which BTW is against the US Constitution, and it costs me money, because now I have to spend extra time researching a problem that is critical to the security of my business.

  • Clever tactic (Score:5, Insightful)

    by akookieone ( 530708 ) <<andrew> <at> <beginsinwonder.com>> on Wednesday October 16, 2002 @08:14AM (#4460931) Homepage
    Sounds to me like this is a stunt. Clearly they will get media attention (thanks Register) and hopefully get picked up by major media in the states. This is especially possible if there is a nice long stream of indignation from folks on Slashdot (including mine). That said, what a great stunt, and for what a great cause. Some one at RedHat is smart enough to be motivated not by legal paranoia (however recently justified) but by political savvy.
  • by ianweeks ( 254559 ) on Wednesday October 16, 2002 @08:15AM (#4460935)
    Registrant:
    Linux MM, c/o Conectiva Inc.
    R. Tocantins 89
    Cristo Rei
    80050430, Curitiba PR
    BR
    Created on: 07-AUG-01
    Expires on: 07-AUG-06
    Last Updated on: 07-AUG-01

    Administrative Contact:
    van Riel, Rik
    Linux MM, c/o Conectiva Inc.
    R. Tocantins 89
    Cristo Rei
    80050430, Curitiba PR
    BR
    +55 41 360 2600
  • paradoxes (Score:5, Funny)

    by kipple ( 244681 ) on Wednesday October 16, 2002 @08:18AM (#4460962) Journal
    1. I wonder if any lawyer can make a lawsuit out of this. If they do, they must have read "The Thing", and thus can be jailed. Why a lawsuit? I don't know, but lawsuits in the US seem to be the only way to say something or prove it.
    2. I'm sure RedHat folks will be called terrorists. After all, the "Red" in the Hat (and the fact that they are Kernel HACKERS) says it all...

    smile, it's fun :)
  • New Kernel patch? (Score:5, Insightful)

    by Nighttime ( 231023 ) on Wednesday October 16, 2002 @08:23AM (#4460989) Homepage Journal
    That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DCMA restrictions?
  • RH Reasoning (Score:5, Informative)

    by HappyPhunBall ( 587625 ) on Wednesday October 16, 2002 @08:28AM (#4461026) Homepage
    Apparently RH is respecting the copyright of the people who discovered the flaws and chose to license the text under the "TheFreeWorld" blanket to prevent the authors from being accused of distributing potentially infringing documentation in the US. Read the article at The Register, it is almost as poorly written as this post but according to this excerpt:

    The document has been copyrighted, and the authors have chosen to restrict its distribution, and to use Thefreeworld.net licence as the mechanism for doing so. Note that it is the copyright, rather than fear of the DMCA, that has forced Red Hat to join in.

    RH is only doing this to protect the authors who for whatever reason chose to copyright the document. Possibly the wish to make a point as well concerning the idiocy of the DMCA.
  • What if... (Score:5, Funny)

    by Markus Ingvarsson ( 589192 ) on Wednesday October 16, 2002 @08:30AM (#4461036)
    What if someone forces you to read it?

    You know, this could be used to "frame" someone;
    Print it out (don't look at it!), then, when your victim least expects it - pull it up and say "read"!
    Go to the nearest police station and say that you captured a "terrorist". :-)

    Lucky me, I live in sweeeeeden..
  • The gist... (Score:3, Interesting)

    by KillerBob ( 217953 ) on Wednesday October 16, 2002 @08:34AM (#4461063)
    Thankfully, I'm in Canada and not bound by retarded US laws. /. is, though, so I'm not gonna post verbatin what the patch is.

    The gist of this security patch is to fix driver vulnerabilities. It fixes several of them, not one of them is exploitable by a remote user. They all require the hardware in question to be connected to exploit the driver vulnerability, and they all involve allowing people to write to kernel memory space. In other words... they could be used to nuke a linux box by a local user (why not just 3-finger salute, I know not), but the moment you reboot the problem is fixed anyway.
  • Missing the point? (Score:5, Interesting)

    by Zocalo ( 252965 ) on Wednesday October 16, 2002 @08:35AM (#4461066) Homepage
    It seems to me that a lot of people seem to think that Red Hat is doing this because they are running scared of the DMCA. Couple of points here:

    Q. Which kernel hacker does Red Hat employ, outside of the US?
    A. Alan Cox.

    Q. Why won't Alan Cox visit the US because "the chances of his arrest are none zero"?
    A. Use of the DMCA to indict Sklyarov.

    It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying that this could lead to is the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.

    The words "hoist", "own" and "petard" spring to mind. ;)

  • by twoslice ( 457793 ) on Wednesday October 16, 2002 @08:36AM (#4461070)
    Who actually reads the fine print when they download something or access a web site???

    prOn sites: The button that says I am under 18 get me outta here! Who would ever click this button???

    Micro$oft Eula: ...turn over my first born... missing appendages...soul....I am willing to bet a couple of people have clicked yes to this! poor dudes.

    and now we have...

    Redhat: Don't click on the button if you are not a U.S Citi.... Click!
  • by pointwood ( 14018 ) <jramskov AT gmail DOT com> on Wednesday October 16, 2002 @08:41AM (#4461111) Homepage

    In case you don't know it, we will be getting something similar to the DMCA in Europe soon :(

    You can read more here [eurorights.org].

  • by eurostar ( 608330 ) on Wednesday October 16, 2002 @08:43AM (#4461141)
    here is the time to have a true "world company"

    let's base debian in antarctica...
  • by kfg ( 145172 ) on Wednesday October 16, 2002 @08:46AM (#4461172)
    that makes it illegal to release the information to US citizens. The patch code was written entirely by non US citizens outside of the US borders. In order to prevent the possible prosecution by the US government, ala Skylarov, they released under license terms that forbid divulging information about it.

    *Redhat* is not the refuser here, they are simply bound by the terms of the author's *license.*

    Now, let's do a little deductive work here while we're about it, shall we?

    This isn't a "Linux" patch, it's "Redhat" patch. And what *Redhat* kernel developer has already shown a propensity for making socio-political statements with the license terms of his kernel patches regarding the DMCA?

    Anyone care to go waaaaaaaaaay out on a limb and "guess" just who might have had a hand in this?

    I'll give you three guesses, but if you don't get it in one you haven't been paying attention.

    KFG
  • by jmv ( 93421 ) on Wednesday October 16, 2002 @08:59AM (#4461286) Homepage
    2002: New RedHat Kernel Patch Illegal to Explain to U.S. Users

    2012: New RedHat Kernel Illegal to Explain to U.S. Users

    2022: Engineering Illegal to Explain to U.S. Users
  • by flikx ( 191915 ) on Wednesday October 16, 2002 @09:07AM (#4461356) Homepage Journal

    I LIVE IN THE US: Salt Lake City, Utah. Come get me. Muwahahaha!

  • by Get Behind the Mule ( 61986 ) on Wednesday October 16, 2002 @10:15AM (#4461869)
    The issues discussed in the patch notice are pretty mundane, and it took me quite some time to figure out what the hell the problem with the DMCA might be. I'm still not sure.

    The reasoning, apparently, is that by documenting the security weaknesses that were fixed, they reveal ways to hack unpatched versions of the kernel. And that would be circumvention, and hence violations of the DMCA. All of the holes were found in code audits, and there are no known exploits, so this announcement documents these problems for the first time. (Maybe it's less of an issue if you announce fixes to holes that someone else already found.)

    But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.

    I dunno, it certainly would be crazy if the DMCA really has that implication, but are Cox and Co. certain that the law really means that? I'll bet there is no case law suggesting such a thing -- and after all, it's the courts' interpretations that really matter in the end. Has any legal scholar ever suggested that the DMCA can be interpreted this way?

    I certainly don't like the DMCA, and I think it's unconstitutional (First Amendment, you know), but I wonder if this stunt will backfire. If it turns out that they're making a big deal out of something that the DMCA doesn't actually forbid, then opponents of the law will end up looking a bit hysterical.
  • by papasasha ( 576455 ) on Wednesday October 16, 2002 @10:21AM (#4461912)
    Chapter 12, section 1201 of the DMCA. "(c) Other Rights, Etc., Not Affected. - (4) Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products. " You can talk about it. You can read it. You can even post it. Bob & Tom can read the Redhat patch description over the radio. This looks to be in direct conflict with b1, also in section 1201: "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that - " U.S. congress is prohibited from passing the latter into law, it being in direct conflict with the first amendment. Remove the word 'technology' and it's probably okay. If 'technology' means descriptions as well as boxes with pretty lights and buttons. First amendment of the American constitution includes: "Congress shall make no law ... abridging the freedom of speech, or of the press ... " A Google search for "DMCA first amendment" and "bill of rights" will get you where you need to go if you think I've taken something out of context. Apologies for the length; brevity is not the soul of law. Legal experts, I'll be interested to hear why I've incorrectly interpreted this rare clear use of English in legislation.
  • by aaron_pet ( 530223 ) <aaron_pet@@@hotmail...com> on Wednesday October 16, 2002 @10:40AM (#4462087) Homepage Journal
    Young man, there's a need to feel down
    I said, young man, throw yourself on the ground
    I said, young man, 'cause your in a new town
    There's a need to be unhappy

    Young man, there's a place you can go
    I said, young man, when you're short on your rights
    You can stay there, and I'm sure you will find
    Many ways to have a good time.

    It's fun to stay at the J.A.I.L.
    It's fun to stay 'cause the D.M.C.A.
    They have everything For old men to enjoy.
    They can hang out with all you boys.

    It's fun to stay at the J.A.I.L.
    It's fun to stay 'cause the D.M.C.A.
    You can't get yourself clean
    You can't have a good meal (because it likely contains DNA that created a plant that fuels you so you can talk... and say anything... and thats information that they don't want you to share)
    They can do whatever they feel.

    Cong' man, Are you listening to me
    I said, cong' man, what do you want to be
    I said, cong' man, you can make go away your rights,
    all you've got to do is this one thing.

    No man, does it all by himself
    I said, every man, put your life on the shelf
    And just break that, its the D.M.C.A.
    I'm sure you can break that today

    It's fun to stay at the J.A.I.L.
    It's fun to stay 'cause the Y.M.C.A.
    You have everything for old men to enjoy.
    They can hang out with all you boys.

    Cong' Man, I once filled your shoes,
    I said, I'm not down with the you's
    I felt, no man cared if I were alive
    I felt the whole world was so jive

    That's when someone came up to me
    and said young man take a walk up 1600 pen 'reet
    There's a thing there called the D.M.C.A.
    They can start you'r ass on it's way.

    D.M.C.A.
    just go to the J.A.I.L.
    Cong' Man, Cong' Man, I once filled your shoes,
    Cong' Man, Cong' Man, Now it's out with all yous

    D.M.C.A.
    D.M.C.A.
    D.M.C.A.
    D.M.C.A.
  • by zentec ( 204030 ) <zentec@gmai l . com> on Wednesday October 16, 2002 @11:45AM (#4462640)

    The mere thought that knowledge is criminal is patently absurd. This nonsense is further proof that US corporations prefer the American public as dumb as possible.

    A preferably dumb American consumer is simply fuel for the machine. Don't ask, just pay us and thank us for providing you with insert good or service here?.

    Hopefully, within the Supreme Court, will see that the rights of free speech trump this ridiculous law.
  • by Tom7 ( 102298 ) on Wednesday October 16, 2002 @01:12PM (#4463249) Homepage Journal
    This is really stupid and childish. I'll be the first to condemn the DMCA (after my own legal troubles [cmu.edu] with it), but this is not the way to go about it.

    Someone correct me if I'm wrong (I'm not a lawyer though I have studied the DMCA and lawsuits based on it carefully), but the DMCA absolutely does not ban security information. The only related things that it addresses are circumvention (of protection technology in order to access a copyrighted work) and trafficking in circumvention devices. Security information (especially in the form of a vague changelog) is absolutely not either of those. By no stretch of the imagination can I figure out how it's supposed to be a violation of the DMCA.

    What's really going on here? Someone (Alan Cox) is trying to make a point about the control that the DMCA gives to copyright holders. He's placed a piece of his copyrighted information that some people want (text of the kernel changelog) behind a click-through license that says you can't access it if you're from the USA. In my opinion this has fuck-all to do with the DMCA (because there is no "technological measure" to circumvent -- please read the definition of technological measure in the DMCA if you disagree with me), just click-through licenses, but, whatever. Then Red Hat decides, well, we can't copy that information because the copyright holder has told us we can't. Assuming that such click-through licenses are legal in the first place, of course, RH would be entirely within its rights for a non-US-citizen to license the document and then summarize it for Red Hat. Either they are too lazy for this, don't understand the issues involved, or are perpetuating this same bizarre notion that the DMCA makes every single thing you'd want to do illegal.

    The DMCA only has to do with copyright, and only as far as circumventing technological measures that protect copyrighted material. The court enjoined DeCSS because it found it to be a circumvention device (they did NOT enjoin english descriptions of the algorithm, and especially not security notices about CSS being weak!). I don't agree with the decision, but at least it makes sense in terms of the law. (I also don't agree with the law!!)

    The important point I'm trying to make is that to fight dumb laws like the DMCA, we need to understand what they really say and what the actual implications are. There's a tendency for hackers to use logical deduction ("If DeCSS is illegal because it can be used to break DVDs, then hammers must be illegal because they can be used to smash open store windows!") in order to decide the implications of a law. THIS IS NOT HOW COURTS WORK! Law is much more squishy than that. Making these sorts of alarmist claims, as if the DMCA outlaws everything that we'd ever want to do, hurts our cause by spreading misinformation. Instead, we should be educating people about what the DMCA actually addresses (ie, "Did you know it would be illegal for you to create MP3s from SACDs that you bought?" or "Did you know that it's illegal to buy mod chips for your Playstation so that you can play imported games that you also legally purchased?" or "Did you know that it's illegal to use your screen-reader software with the eBook that you legally bought?"). That's how we can convince people that the law is wrong.

news: gotcha

Working...