Interesting People mailing list archives
IP: Re: Libsafe
From: Dave Farber <farber () cis upenn edu>
Date: Sun, 23 Apr 2000 16:20:25 -0400
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Sun, 23 Apr 2000 11:02:58 -0600
To: farber () cis upenn edu, ip-sub-1 () majordomo pobox com
From: Brett Glass <brett () lariat org>
Subject: Re: IP: Libsafe

Whew! At first, I was alarmed by this posting. If the library were indeed released under the "GNU General Public License," it would have been a tragedy, as it would have been infeasible for developers of commercial application programs to use it. (The incorporation of a library covered by the GPL forces the developer to reveal all of the source code of his application and, essentially, to forfeit any chance he may have to profit from licensing the code.)

Fortunately, the posting was not correct. According to the page at http://www.bell-labs.com/org/11356/libsafe.html, the code for the Libsafe library was actually released under the "GNU Library GPL," which does not carry this onerous restriction. While Richard Stallman has attempted to deprecate the LGPL (he recently attempted to rename it the "lesser GPL" because it is not as hostile to commercial and closed source developers' interests as the GPL), it is closer to the correct licensing scheme for this product though it also poses some problems.

The best licensing scheme for this product would have been the MIT X license or BSD license, because it would have permitted commercial development of improved versions of the library and would have allowed the code and its features to be built directly into the code of commercial operating systems. The LGPL, unfortunately, precludes this and thus may hinder the spread of this useful technology.

Hopefully, AT&T will reconsider its decision to use the LGPL and will release the code under the MIT X license (as it has done with some other software). This would allow the code to be incorporated directly into Microsoft's operating systems (which, Heaven knows, could use it!) as well as worthy alternative operating systems such as BeOS, QNX, etc.

--Brett Glass

At 05:44 AM 4/23/2000, David Farber wrote:

http://www.wideopen.com/story/762.html

Upshot: Released under the General Public License, Libsafe is designed to protect against the most common type of security attack.

Wider:
* Libsafe Source Code
* StackGuard Compile

Bell Labs, the R&D arm of Lucent Technologies, announced Thursday that it has released Libsafe, a new security software program for Linux.

Libsafe prevents intruders from overloading an application's buffer memory to gain unauthorized access to a computer. (Located between two devices that have varying speeds for handling data, a buffer acts as a temporary storage unit or "dam," holding data and then disseminating it at a rate that will not flood the "lower banks.")

According to a joint report by the Oregon Graduate Institute of Science and Technology and Darpa, buffer overflows or "stack-smashing attacks" have been the most common type of security exploit during the past 10 years.