Sign in to follow this  
hiigara

[Linux] How can I let users link to my .so without being able to read/copy it?

Recommended Posts

Let's say my game engine is compiled in game.so . Let's say I recruit one developer to work on the server code, I don't want him to have access to game.so (initially), but still be able be able to link to it. He will have his own linux account of course. If I set permitions on the .so to --x (no read, no write, just execute), will that work? Or is there a better solution?

Share this post


Link to post
Share on other sites
Quote:
If I set permitions on the .so to --x (no read, no write, just execute), will that work?

No. The dynamic linker needs to have read access to the shared objects -- execute permissions are superfluous.

What you're trying to do is silly and pointless.

Quote:
Or is there a better solution?

Just give him read access to the library. Have him sign an NDA (or other appropriate legalese) if you're concerned about IP theft.

Share this post


Link to post
Share on other sites
It might actually be possible:
Say your untrusted employee is user A.
Set the lib readable to user or group B.
Set the linker executable(s) owner to user or group B.
Set that magic permission bit that makes a program execute with the right of its owner (can't remember the name, SUID or something like that).

Tadaaa! The linker can read the lib, but A can't.

There's a small caveat however. If the A has access to the resulting executable, he'll be able to access the content of the lib through that executable. It might be a bit tougher, but still doable.

Bottom line 1: You can't make something available and not available at the same time (see various DRM and other copy protection efforts).

Bottom line 2: Go for the legal solution as Mushu suggested. It's effective in your case.

Share this post


Link to post
Share on other sites
Quote:
Original post by hiigara
Let's say my game engine is compiled in game.so .
Let's say I recruit one developer to work on the server code, I don't want him to have access to game.so (initially), but still be able be able to link to it.


Your .so contains nothing worth stealing, either in compiled, or in source form.

Considering Unreal Engine is available for free, proprietary engines don't carry any value anymore.

Source code today is worth zilch. Anything that can be written has been written. Competitive advantage today can only be gained by knowing what and how to integrate to best solve the problem at hand.

And if someone has that knowledge, they'll quickly find a simpler, cheaper and better solution to whatever you may think you have.

Even if the following sounds harsh, the sooner you get to terms with the reality, the sooner you'll be able to focus on important.


You wouldn't want to end up like this freelancer.

Edit: Alternative is to expose the API via some form of RPC. Under Linux this would mean providing a proxy API of everything in your library, then routing all messages via some form of IPC while your engine is running as separate process. Bulk data can be shared via shm.

Whether this is worth it is debatable, but it should work reasonably well.

Share this post


Link to post
Share on other sites
I see your point guys. I know my engine is not worth kajigers.
But I do not intend to sell it in the first place.
I am going to build an online game(s) on top of it, and will have to hire some help. Writing everything on my own is not practical.
What I don't want to happen is, some programmer from Kerbleckistan, after one month of work, leaves the project and creates a clone server of my game.
NDAs are for companies, who can afford lawyers. I can't even afford an office.

The setuid flag is probably what I need. There will be ways around it, I know. As long as it is hard enough, it will deter the guy from Kerbleckistan, until he becomes a trusted contractor.
Running the code as a separate process is not a bad idea either, but it seems a lot of work.

Share this post


Link to post
Share on other sites
Quote:
Original post by hiigara
NDAs are for companies, who can afford lawyers. I can't even afford an office.


NDAs are for peoples. Companies can't disclose secrets, they can't communicate.
A lawyer is cheaper than an office, because you pay only the hours you use. Also, the first hour is often free.

For the NDA itself you probably don't even need a lawyer. Get a contract of the internet, there are some useful links in the references and external links of the wiki page.

I think a signed legal document is much more scary than any technical means can ever be, even if you don't intend to defend it. The other party doesn't know that.

Share this post


Link to post
Share on other sites
Quote:
Original post by hiigara
What I don't want to happen is, some programmer from Kerbleckistan, after one month of work, leaves the project and creates a clone server of my game.


Make your game worth cloning, then worry about it getting cloned.

And realistically, you don't need an NDA. You need a proper employment agreement that says that any code Joe Kerbleckistanian writes during employment related to company project (make sure to let him submit code before employment that he already wrote so there's less question about what was written when) is under the company's copyright. Then if that code shows up somewhere else, release the hounds.

IANAL, this is not legal advice, yadda; yadda.

Share this post


Link to post
Share on other sites
Quote:
Original post by Telastyn
And realistically, you don't need an NDA. You need a proper employment agreement that says that any code Joe Kerbleckistanian writes during employment related to company project (make sure to let him submit code before employment that he already wrote so there's less question about what was written when) is under the company's copyright. Then if that code shows up somewhere else, release the hounds.

Realistically, it is almost impossible to legally enforce an NDA or clauses of an employment contract in countries that would usually fit into the category 'Kerbleckistan'.

Some governments of typical outsourcing countries (let's name it - China is the main offender here) will actually (unofficially) encourage copyright and patent infringement if it helps their local economy. Your chances of scaring people with legal means in such a context are zero. Technical locks are your only realistic possibility here (unless you are a huge multinational corporation that could seriously damage the countries economy, but in that case you already have possibilities that bypass the legal system altogether).

Share this post


Link to post
Share on other sites
Quote:
Original post by Yann L
Quote:
Original post by Telastyn
And realistically, you don't need an NDA. You need a proper employment agreement that says that any code Joe Kerbleckistanian writes during employment related to company project (make sure to let him submit code before employment that he already wrote so there's less question about what was written when) is under the company's copyright. Then if that code shows up somewhere else, release the hounds.

Realistically, it is almost impossible to legally enforce an NDA or clauses of an employment contract in countries that would usually fit into the category 'Kerbleckistan'.

Some governments of typical outsourcing countries (let's name it - China is the main offender here) will actually (unofficially) encourage copyright and patent infringement if it helps their local economy. Your chances of scaring people with legal means in such a context are zero. Technical locks are your only realistic possibility here (unless you are a huge multinational corporation that could seriously damage the countries economy, but in that case you already have possibilities that bypass the legal system altogether).


No, but it's probably equally as easy to have some very big men with large baseball bats visit the house of said employees in Kerbleckistan, provided all transactions are in cash and not face to face, you should be ok there.

Share this post


Link to post
Share on other sites
Quote:
Original post by Washu
No, but it's probably equally as easy to have some very big men with large baseball bats visit the house of said employees in Kerbleckistan, provided all transactions are in cash and not face to face, you should be ok there.

Well, I was thinking of the usual 'diplomatic ways' (read: economic or military extortion), but your way will work too. Although you should probably temporarily move your office to a hut in Alaska, depending on who your employee was affiliated with. Just in case the Albanian mafia pays a courtesy visit to your home.

I like how the topic of this thread shifted from Linux permissions to alternative methods of securing your IP [grin]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this