This term should not be applied to code running outside the kernel, for example [[BIOS]] code, [[firmware]] images, or [[userland]] programs.
== Reasons for using binary blobs ==
When [[computer hardware]] vendors provide complete technical documentation for their products, operating system developers are able to write open source hardware device drivers to be included in the operating system kernels. In this case, there is no need for any binary blobs.
In order to make use of binary blob drivers available for other operating systems, some projects include software [[wrapper]]s: examples include [[NdisWrapper]] for [[Linux]] and Project Evil for [[FreeBSD]] and [[NetBSD]], both of which implement [[Microsoft]]'s [[Network Driver Interface Specification|NDIS]] [[Application programming interface|API]] to allow [[Microsoft Windows|Windows]] drivers to be used.
== Reasons against using binary blobs ==
There are several reasons why binary blobs can cause problems:
* Correctness of the driver code cannot be checked.
* The driver cannot be modified and adapted to special needs.
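
Because such drivers cannot be audited, a practical first step is to know which ones are loaded. The following is an added example, not part of the original article: on Linux, modules whose declared licence is not GPL-compatible carry the <code>P</code> taint flag in <code>/proc/modules</code>, and this script lists them. The sample lines are constructed, and <code>vendor_wifi</code> and <code>hypo_oot</code> are hypothetical module names.

```shell
#!/bin/sh
# Added example: inventory kernel modules that Linux has flagged as proprietary.
# /proc/modules fields: name size refcount deps state address [(taint flags)]
# Per-module taint flags used here: P = proprietary licence, O = out-of-tree,
# E = unsigned module.

# Print "name<TAB>flags" for every module whose taint flags include P.
# $1 is the file to read (default /proc/modules; "-" reads standard input).
list_blob_modules() {
    awk '
        NF >= 7 && $7 ~ /^\(.*P.*\)$/ {
            flags = substr($7, 2, length($7) - 2)   # strip the parentheses
            printf "%s\t%s\n", $1, flags
        }
    ' "${1:-/proc/modules}"
}

# Constructed sample in /proc/modules format (not captured from a real host).
# vendor_wifi and hypo_oot are hypothetical module names.
sample_modules() {
    cat <<'EOF'
e1000e 286720 0 - Live 0xffffffffc0400000
nvidia 35000000 120 nvidia_modeset,nvidia_uvm, Live 0xffffffffc0a00000 (POE)
hypo_oot 16384 0 - Live 0xffffffffc0390000 (OE)
vendor_wifi 524288 1 - Live 0xffffffffc0800000 (PO)
EOF
}

# Demo on the constructed sample; on a real host call list_blob_modules
# with no argument to read /proc/modules.
sample_modules | list_blob_modules -
```

An out-of-tree or unsigned module without the <code>P</code> flag (<code>hypo_oot</code> above) is not reported, since its source licence is declared open even though it did not ship with the kernel.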
=== Projects actively opposing binary blobs ===
The [[OpenBSD]] project has a notable policy of not accepting any binary blobs into its source tree, citing not only the potential for undetectable or irreparable security flaws but also their encroachment on the openness and freedom of its software.<ref>{{cite web|last = Music composed by Ty Semaka and Jonathan Lewis. Recorded, mixed and mastered by Jonathan Lewis of Moxam Studios (1-403-233-0350). Vocals and Lyrics by Ty Semaka & Theo de Raadt. Bass guitar, organ and bubbles by Jonathan Lewis. Guitar by Tom Bagley. Drums by Jim Buick|url = http://www.openbsd.org/lyrics.html#39|title = 3.9: "Blob!"|publisher = OpenBSD|accessdate = 2006-06-22}}</ref>
The [[Free Software Foundation]] (FSF) is actively campaigning against binary blobs, even though some [[Linux distributions]] do include them.<ref>{{cite web|url=http://www.fsf.org/blogs/community/rms-ati-protest.html|title=Protest against ATI nearly led to the arrest of RMS|date=[[27 April]] [[2006]]|accessdate=2006-10-10|publisher=Free Software Foundation}}</ref>
=== Famous examples of binary blob vulnerabilities ===
This stance has been somewhat validated by information released during the [[August 2]], [[2006]] [[Black Hat Briefings|Black Hat USA]] convention where an exploit within the binary driver for the [[Atheros]] [[wireless network card]]s used in [[MacBook Pro]]s and elsewhere was claimed,<ref>{{cite web|last=Martin|first=Kelly|publisher=SecurityFocus|date = [[August 3]] [[2006]]|url = http://www.securityfocus.com/brief/271|title = WiFi makes waves at Blackhat|accessdate = 2006-08-25}}</ref> although it was later revealed that the exploit used third-party hardware and drivers.<ref>{{cite web | url = http://www.macworld.com/news/2006/08/17/wirelesshack/index.php | title = MacBook Wi-Fi hack didn't use Apple drivers | last = Dalrymple | first = Jim | date = [[August 17]] [[2006]]}}</ref>
The NVIDIA Binary Graphics Driver for Linux had a vulnerability that allowed privilege escalation to root.<ref>{{cite web|last=Abdine|first=Derek|publisher=Rapid7|title=NVIDIA Binary Blob Driver Advisory|url=http://download2.rapid7.com/r7-0025/|date=[[Oct 17]] [[2006]]}}</ref>
== Firmware issues ==
[[Firmware]], the operating software required by a device's onboard [[microcontroller]] that accompanies some hardware, is generally not considered to be a binary blob. However, the FSF has begun campaigning for free BIOS firmware.<ref>{{cite web|url=http://www.fsf.org/campaigns/free-bios.html|title=Campaign for Free BIOS|publisher=Free Software Foundation|date=2006-11-29|accessdate=2007-01-02}}</ref> Often firmware is stored in onboard [[flash memory]], but to decrease costs and ease upgrading, some manufacturers now use external firmware uploaded by the operating system. Although the firmware is present in the operating system, it is merely copied to the device and not executed, lessening concerns about hidden security flaws. The OpenBSD project accepts binary firmware images and will redistribute the images if the license permits.<ref>{{cite web | title = OpenBSD Works To Open Wireless Chipsets|date = [[November 2]] [[2004]]|publisher=KernelTrap|url = http://kerneltrap.org/node/4118 | accessdate = 2006-06-23}}</ref>
== See also ==
{{Portal|Free software|Floss draft.png}}
* [[Wireless security]]
* [[Loadable Kernel Module]]
== Notes and references ==
<div class="references-small">
<references />
</div>
== External links ==
* {{cite web|last = McMillan|first = Robert|date = [[June 21]] [[2006]]|url = http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html|title = Researchers hack Wi-Fi driver to breach laptop|publisher = InfoWorld|accessdate = 2006-06-23}}
* [http://kerneltrap.org/node/6650 KernelTrap article] on Damien Bergamini's wpi(4) driver, a blobless ipw3945 alternative for OpenBSD