IP: Re: Libsafe

[Dave Farber <farber () cis upenn edu>]

> X-Sender: >X-Sender: brett@localhost
> X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
> Date: Sun, 23 Apr 2000 11:02:58 -0600
> To: farber () cis upenn edu, ip-sub-1 () majordomo pobox com
> From: Brett Glass <brett () lariat org>
> Subject: Re: IP: Libsafe
>
> Whew!
>
> At first, I was alarmed by this posting. If the library were indeed released
> under the "GNU General Public License," it would have been a tragedy, as
> it would have been infeasible for developers of commercial application 
> programs
> to use it. (The incorporation of a library covered by the GPL forces the
> developer to reveal all of the source code of his application and, 
> essentially,
> to forfeit any chance he may have to profit from licensing the code.)
>
> Fortunately, the posting was not correct. According to the page at
> http://www.bell-labs.com/org/11356/libsafe.html, the code for the Libsafe
> library was actually released under the "GNU Library GPL," which does not
> carry this onerous restriction. While Richard Stallman has attempted to
> deprecate the LGPL (he recently attempted to rename it the "lesser GPL" 
> because
> it is not as hostile to commercial and closed source developers' interests as
> the GPL), it is closer to the correct licensing scheme for this product 
> though
> it also poses some problems.
>
> The best licensing scheme for this product would have been the MIT X license
> or BSD license, because it would have permitted commercial development of
> improved versions of the library and would have allowed the code and its 
> features
> to be built directly into the code of commercial operating systems. The LGPL,
> unfortunately, precludes this and thus may hinder the spread of this useful
> technology.
>
> Hopefully, AT&T will reconsider its decision to use the LGPL and will release
> the code under the MIT X license (as it has done with some other software).
> This would allow the code to be incorporated directly into Microsoft's 
> operating
> systems (which, Heaven knows, could use it!) as well as worthy alternative
> operating systems such as BeOS, QNX, etc.
>
> --Brett Glass
>
> At 05:44 AM 4/23/2000, David Farber wrote:
>
> > http://www.wideopen.com/story/762.html
> >
> > Upshot:
> >
> > Released under the General Public License, Libsafe is designed to 
> protect against the most common type of security attack.
> > Wider:
> >
> > *       Libsafe Source Code
> > *       StackGuard Compile
> > Bell Labs, the R&D arm of Lucent Technologies, announced Thursday that 
> it has released Libsafe, a new security software program for Linux. 
> Libsafe prevents intruders from overloading an application's buffer 
> memory to gain unauthorized access to a computer. (Located between two 
> devices that have varying speeds for handling data, a buffer acts as a 
> temporary storage unit or "dam," holding data and then disseminating it 
> at a rate that will not flood the "lower banks.") According to a joint 
> report by the Oregon Graduate Institute of Science and Technology and 
> Darpa, buffer overflows or "stack-smashing attacks" have been the most 
> common type of security exploit during the past 10 years.