Foreword: I recently wrote a column about the support in the Linux kernel and in utilities for enforcing GPL licensing on loadable modules. As can be expected, this issue has been debated on the Linux Kernel Mailing List. A lengthy session ran in September of 2001 with a run of 75 messages. The debate has just resurfaced over issues with the Linux Security Module mechanism. Note that the FAQ for the Linux Kernel Mailing List (LKML) can be found here, and an archive of the LKML is available here.

---

Binary-only module GPL issues — redux
by Kevin Dankwardt

Linux Security Module

An overview of the Linux Security Module (LSM) mechanism can be found here. Essentially, LSM is a kernel patch that provides support to modules that wish to implement security mechanisms. Key kernel data structures such as task_struct, superblock, and kern_ipc_perm are modified to have security fields.

Binary Only Modules Discussion

The September 2001 discussion began with a posting by Arjan van de Ven, stating that he was composing a list of existing binary-only drivers for Linux. A number of other contributors replied with additional drivers. It was pointed out that the amount of source code provided, and whether it was GPL'd, varied from driver to driver. Thus, the issue was more than just about binary-only.

The binary-only module issue regarding LSM hinges on differences in opinion as to whether LSM related modules should be required to be GPL'd. As an example, Alan Cox wrote “With the current lunatic US congress proposals on security, crypto and building big brother into all PC's I'd say allowing non GPL security modules is positively dangerous to the well being of non US itizens.”

One of the developers of LSM, Greg Kroah-Hartman, proposed a comment for a header file, that seeked to clarify that the LSM mechanism could be used by only GPL'd modules. The comment in the header file was “This file may not be included in any code not licensed under the list of accepted free software licenses as defined in module.h contained in this same directory. “

He explains his position a bit, and reasons that non-GPL code may not include GPL header files. Crispin Cowan, in a lengthy reply, suggests that it may be best to just label header files as GPL and not add any additional commentary about their usage. Cowan also points out that if non-GPL programs are not permitted to include GPL header files then many user space programs are in violation.

Crispin Cowan suggests: “This file is GPL. See the Linux Kernel's COPYING file for details. There is controversy over whether this permits you to write a module that #includes this file without placing your module under the GPL. Consult your lawyer for advice.” Greg Kroah-Hartman accepts that phrase and adds it to the file.

Ignacio Vazquez-Abrams, points out that header files sometimes include macros, and the bodies of those macros are essentially inserted into the code that uses them. He therefore suggests that header files may be better licensed as LGPL.

One can also see that some header files include inline definitions of functions which have the same code-including effect as do macros. Thus, a new GPL related issue has cropped up.

Then, Greg Kroah-Hartman suggests that the LSM functions be marked as callable only from GPL code. Alan Cox replies that GPL-only symbol exporting is coming.

In another twist, it was discovered that an author of a kernel driver had apparently granted someone another license besides GPL so that they were allowed to use the driver code in their own, non-GPL code. Nicholas Knight, suggested that linux kernel code authors divulge when they give out alternative licenses, so that members of the Linux community don't needlessly accuse other developers of violating the GPL in the use of such code.

LSM issue again

On October 17, 2002, Christoph Hellwig, posted a patch that changed the symbol export of several LSM security functions to GPL-only. It was later stated by another contributor that one of the authors of the security code, Crispin Cowan, was opposed to using GPL-only exporting on the symbols. Cowan has said that he believes there is benefit in permitting proprietary modules, just as there is benefit in permitting proprietary applications.

When asked what additional benefit the GPL-only exporting provides, Christoph Hellwig wrote: “My arguement [SIC] is that I want this flag as a hint for authors of propritary security modules that I'm going to sue them if they use hook called from code I have copyright on.”

In an apparent sign of frustration, Linus Torvalds wrote: “Note that if this fight ends up being a major issue, I'm just going to remove LSM and let the security vendors do their own thing.” Torvalds goes on to say “In short, … I think it's very clear that a LSM module is a derived work, and thus copyright law and the GPL are not in any way unclear about it.”

Linus Torvalds, in a subsequent message, clarified his stance on the GPL-only symbol export macro: “Side note: it should be noted that legally the GPLONLY note is nothing but a strong hint and has nothing to do with the license (and only matters for the _enforcement_ of said license).” Additionally, he likened the GPL-only exportation to a “click-through” license agreement. The GPL-only symbols require a module to declare itself to be GPL, and thus acknowledge that it is using GPL code.

Incidentally, the latest version of the 2.5 series Linux kernel, 2.5.44, includes the LSM patch and has the “consult a lawyer” comment in the security header file. Also, five entities, two individuals, and three companies are listed on the file as copyright holders.

Finally, Richard B. Johnson gives a code fragment that can be linked into a binary-only module so that the result claims GPL licensing. This raises another issue: since the GNU/Linux linker, ld, provides for linking object files together into yet another object file, if one links an object file that says it is GPL with an object file that does not specify a license, the resulting object file will claim GPL.

Summary

It is clear that the GPL issue concerning loadable modules is as factious as ever. The introduction of the GPL-only exportation of symbols and of tainting the kernel has not resolved the issue. Jeff Garzik voices the opinion of many of us when he says: “Sigh, I hate legal crap.”

Acknowledgement: Thanks to Karim Yaghmour for letting us know about this recent discussion.

---

About the author: Kevin Dankwardt is founder and President of K Computing, a training and consulting firm. He has spent most of the last 9 years designing, developing, and delivering technical training for such subjects as Unix system programming, Linux device drivers, real- time programming, and parallel-programming for various organizations world-wide. He received his Ph.D. in Computer Science, in 1988.

---

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.