Subject: Re: [linux-usb] Anti-NDA petition
To: Alexander Langer <alex@big.endian.de>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 04/27/2000 18:17:04

On Thu, Apr 27, 2000 at 09:51:52AM +0200, Alexander Langer wrote:
> Thus spake David Maxwell (david@vex.net):
> > 2) Security. You like running kernel code that hasn't been subjected to
> > 	public audit? Just wait for the announcement someday... Linux
> > 	tape backup device driver LKM provides back-door root login...
> I don't think that hardware-vendors really do that for binary-drivers.
> Or do you see this behaviour on NT/Solaris?

See it? No, I couldn't see it - since I wouldn't be given the source.
If you wish to argue this point, you need to tell me how I can know for
certain that this would never happen.

> That's exactly the point - afaik many vendors produce binary-drivers
> for Solaris.

And you can't disable LKMs in Solaris, because the OS depends on them.
Go take a look at some Solaris rootkits. Be afraid, be very afraid.

> > 	not to trojan your system - LKMs allow someone who does compromise
> > 	your system to become completely invisible, and replace/intercept
> 
> Gnaaaaaar. Your PC can also explode.

I take it you didn't read the URL I posted then. LKMs allow low-level
system operations to be changed on the fly. Convenient-yes. Secure-no.

> I'm not sure at the moment: Can kernel-modules be loaded in securelevel > 0?

I don't know, but I'd guess not.

> > 4) Platform support. So, what are the odds that PCI card vendor 'X' is
> 
> You guys don't understand my point: Opensource drivers are preferable,
> since they have exactly the advantage you point out, but before I have
> NO driver I prefer the binary one.

No, I do understand your point, but I disagree with it. For me, the four
things I listed above are enough to not buy hardware with binary only
drivers. I would liken your statement to "being shot in the foot is better
than being shot in the head." - I don't even want to be shot in the foot.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
there might find a microwave oven controlled by a Unix system an attractive
idea, controlling a microwave oven is easily accomplished with the smallest
of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)