Content deleted Content added
m robot Adding: pt:Binary blob
sharpen definition, restructure, add several reasons against
Line 1:
An [[Objective Code|object file]] to be [[Linker|loaded]] into the [[Kernel (computer science)|kernel space]] of an [[Open-source software|open source]] [[operating system]] is called a '''binary blob''' if its [[source code]] is not publicly available.
This term should not be applied to code running outside the kernel, for example [[BIOS]] code, [[firmware]] images, or [[userland]] programs.
The OpenBSD project has a notable policy of not accepting binary blobs into its source tree, citing not only the potential for undetectable or irreparable security flaws but also its encroachment onto the openness and freedom of their software.<ref>{{cite web|last = Music composed by Ty Semaka and Jonathan Lewis. Recorded, mixed and mastered by Jonathan Lewis of Moxam Studios (1-403-233-0350). Vocals and Lyrics by Ty Semaka & Theo de Raadt. Bass guitar, organ and bubbles by Jonathan Lewis. Guitar by Tom Bagley. Drums by Jim Buick|url = http://www.openbsd.org/lyrics.html#39|title = 3.9: "Blob!"|publisher = OpenBSD|accessdate = 2006-06-22}}</ref> This stance has been somewhat validated by information released during the [[August 2]], [[2006]] [[Black Hat Briefings|Black Hat USA]] convention where an exploit within the binary driver for the [[Atheros]] [[wireless network card]]s used in [[MacBook Pro]]s and elsewhere was claimed,<ref>{{cite web|last=Martin|first=Kelly|publisher=SecurityFocus|date = [[August 3]] [[2006]]|url = http://www.securityfocus.com/brief/271|title = WiFi makes waves at Blackhat|accessdate = 2006-08-25}}</ref> although it was later revealed that the exploit used third-party hardware and drivers.<ref>{{cite web | url = http://www.macworld.com/news/2006/08/17/wirelesshack/index.php | title = MacBook Wi-Fi hack didn't use Apple drivers | last = Dalrymple | first = Jim | date = [[August 17]] [[2006]]}}</ref>▼
==Reasons for using binary blobs==
The NVIDIA Binary Graphics Driver for Linux had a vulnerability that allowed privilege escalation to root.<ref>{{cite web|last=Abdine|first=Derek|publisher=Rapid7|title=NVIDIA Binary Blob Driver Advisory|url=http://download2.rapid7.com/r7-0025/|date=[[Oct 17]] [[2006]]}}</ref>▼
When [[computer hardware]] vendors provide complete technical documentation for their products, operating system developers are able to write open source hardware device drivers to be included in the operating system kernels. In this case, there is no need for any binary blobs.
But some vendors, such as [[ATI Technologies|ATI]] and [[NVIDIA]], fail to provide complete documentation for some of their products. Providing binary blobs instead is most common for accelerated graphics drivers, networking devices and [[RAID]] controllers.
When they can neither get hardware documentation nor device driver source code from a hardware vendor, some operating system projects, including [[NetBSD]], [[FreeBSD]], [[DragonFly BSD]], and the Ubuntu [[Linux distribution]], accept binary blobs as a fast route to the missing or enhanced functionality these blobs provide.<ref name="bsdinterview">{{cite web | url = http://os.newsforge.com/os/05/06/09/2132233.shtml?tid=8&tid=2 | title = BSD cognoscenti on Linux | accessdate = 2006-07-07 | last = Matzan | first = Jem | date = [[15 June]] [[2005]]| publisher = NewsForge }} See Christos Zoulas's response to "Is sharing between Free/Open/NetBSD and the Linux kernel a common occurrence? And if so, does it go both ways?"</ref>
In order to make use of binary blob drivers available for other operating systems, some projects include software [[wrapper]]s: examples include [[NdisWrapper]] for [[Linux]] and Project Evil for [[FreeBSD]] and [[NetBSD]], both of which implement [[Microsoft]]'s [[Network Driver Interface Specification|NDIS]] [[Application programming interface|API]] to allow [[Microsoft Windows|Windows]] drivers to be used.
==Reasons against using binary blobs==
There are several reasons why binary blobs can cause problems:
* Correctness of the driver code cannot be checked.
* The code is often unnecessarily large and complicated.
* The code cannot be audited for security; security flaws may go unnoticed for long times.
* Users are forced to trust vendors not to put backdoors and spyware into the blob.
* In case of bugs or vulnerabilities, the driver cannot be repaired by the operating system authors, even though it will compromise system integrity, usually at the [[Superuser]] level.
* The hardware vendor can decide not to support some operation systems.
* The hardware vendor can decide to abandon driver maintenance at any time, thus effectively rendering the hardware device useless.
* The driver cannot be modified and adopted to special needs.
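Review bot: The added bullet "The code is often unnecessarily large and complicated" is an unsourced judgment that sits awkwardly beside the bullets stating that the code cannot be checked or audited; either cite a source for it or drop it. None of the bullets in this list carries a <ref>, unlike the paragraphs around it, so the security claims (flaws going unnoticed, backdoors and spyware, compromise at the Superuser level) should each point to a reference; the Rapid7 advisory already cited on this page for the NVIDIA driver would support the root-level compromise point. Two wording fixes in the same list: "operation systems" should read "operating systems", and "adopted to special needs" should read "adapted to special needs".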
===Projects actively opposing binary blobs===
The [[OpenBSD]] project has a notable policy of not accepting any binary blobs into its source tree, citing not only the potential for undetectable or irreparable security flaws but also its encroachment onto the openness and freedom of their software.<ref>{{cite web|last = Music composed by Ty Semaka and Jonathan Lewis. Recorded, mixed and mastered by Jonathan Lewis of Moxam Studios (1-403-233-0350). Vocals and Lyrics by Ty Semaka & Theo de Raadt. Bass guitar, organ and bubbles by Jonathan Lewis. Guitar by Tom Bagley. Drums by Jim Buick|url = http://www.openbsd.org/lyrics.html#39|title = 3.9: "Blob!"|publisher = OpenBSD|accessdate = 2006-06-22}}</ref>
The [[Free Software Foundation]] (FSF) is actively campaigning against binary blobs, even though some [[Linux distributions]] do include them.<ref>{{cite web|url=http://www.fsf.org/blogs/community/rms-ati-protest.html|title=Protest against ATI nearly led to the arrest of RMS|date=[[27 April]] [[2006]]|accessdate=2006-10-10|publisher=Free Software Foundation}}</ref>
===Famous examples of binary blob vulnerabilties===
▲
▲The NVIDIA Binary Graphics Driver for Linux had a vulnerability that allowed privilege escalation to root.<ref>{{cite web|last=Abdine|first=Derek|publisher=Rapid7|title=NVIDIA Binary Blob Driver Advisory|url=http://download2.rapid7.com/r7-0025/|date=[[Oct 17]] [[2006]]}}</ref>
==Firmware issues==
[[Firmware]], the operating software required by a device's onboard [[microcontroller]] that accompanies some hardware, is generally not considered to be a binary blob. However, the FSF has begun campaigning for free BIOS firmware.<ref>{{cite web|url=http://www.fsf.org/campaigns/free-bios.html|title=Campaign for Free BIOS|publisher=Free Software Foundation|date=2006-11-29|accessdate=2007-01-02}}</ref> Often firmware is stored in onboard [[flash memory]], but to decrease costs and ease upgrading, some manufacturers now use external firmware uploaded by the operating system. Although the firmware is present in the operating system, it is merely copied to the device and not executed, lessening concerns about hidden security flaws. The OpenBSD project accepts binary firmware images and will redistribute the images if the license permits.<ref>{{cite web | title = OpenBSD Works To Open Wireless Chipsets|date = [[November 2]] [[2004]]|publisher=KernelTrap|url = http://kerneltrap.org/node/4118 | accessdate = 2006-06-23}}</ref>
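Review bot: In the firmware paragraph, "it is merely copied to the device and not executed" is imprecise, because the same paragraph defines firmware as the operating software of the device's onboard microcontroller: it is executed, only not by the host operating system. Suggest "not executed by the host operating system", and softening "lessening concerns about hidden security flaws" so that it reads as a claim about host code execution only. In the restructured part above, the heading "Famous examples of binary blob vulnerabilties" has a typo ("vulnerabilities"), and the text shown under it contains only the NVIDIA sentence: the Black Hat/Atheros sentences with their SecurityFocus and Macworld references are visible only in the old opening paragraph. If dropping them is intended, the edit summary should say so, since it mentions only sharpening, restructuring and additions.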