Root Exploit For NVIDIA Closed-Source Linux Driver
possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."
Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."
This is as useless as suggesting "Install Linux" when a Windows vulnerability has been found!
This is why I always said that all software for a FOSS operating system should be just that... OPEN.
- Just my $0.02, take with a grain of salt, your mileage may vary.
This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.
Of course they should be allowed. How can that even be prevented? The more important question is what can be done to either provide more secure replacements or make sure binaries can be functional without having to be trusted by the OS.
... this might push nvidia into making the 9xxx drivers available sooner. I hope that solves the googleearth rendering problem.
This is why Windows is better. You'll never see a root exploit on a Windows machine. We don't try to hide our exploits behind some high-level encrypted account. Leave the holes in the open and they will think they are a trap. That's my motto.
Thank you for your stand against blobs.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
I'm a huge fan of all things open source/free software... but I also remember that it's the developer's choice whether they want to go open or not. I don't personally understand what "trade secrets" nVidia has to hide by keeping their drivers closed off from the public, but it's still their choice. Unfortunately the open source alternative "nv" driver that comes with X is pretty much worthless if you want to do anything involving 3D. The best situation for those who don't want to use proprietary drivers is to go out and find a company with open drivers and stop using nVidia products, if it matters that much to you.
;)
I'm sure endless flame wars will follow below...so you guys have fun with that
"A truly wise man realizes he knows nothing."
But I hope that this will make corporate users understand that binary blobs are evil.
Wondering why I am making such strange posts? I am trying to get a "+5, Flamebait" or "-1, Insightful" rating.
I'm not calling into question the value of open drivers. But it seems that most people using nvidia's blob are running on desktop machines, either single-user or within the family. It would seem unlikely that these users are granting remote X sessions to untrustworthy people.
nVidia and ATI are missing out on a pool of talented free labour in their Un*x markets. Seriously they have to pay people to write Windows drivers when they could have Linux people do it for free and fold the best parts back into their Windows drivers. Idiots. ;)
Shh.
...but I told you so.
Cheers,
Theo
Ok, security is never "minor," but it kinda washes out in the context of all of the stability and compatibility problems they've had as compared to FOSS drivers for cards whose manufacturers do publish specs. nVidia simply don't do a good job at writing their drivers. They violate all sorts of rules about how you're supposed to write Linux drivers. But being closed source, no one is ever allowed to fix the problems, and nVidia doesn't put enough people on it to keep up.
What we need is a graphics vendor who publishes full specs for their graphics chips! If nVidia won't do it, find someone who will.
Thank you for not using "pwned" in this headline.
Trolling is a art,
This is one reason I think I'll stop using NVIDIA chips and start using Intel chipset graphics hardware in the future. http://intellinuxgraphics.org/
Also the ones without openGL performance. Remind me why I bought a high-performance 3D card again.
This is due to the fact that they are using licensed code from other people/companies, and they would need to open source that as well.
Hardware vendors, be they printers, video cards, or what-not, should work to 2 sets of specs:
A high-performance, possibly proprietary, specification that gives them a definite edge over their competitors. If they want to ship binary-only drivers, that's fine.
A possibly-lesser-performance specification that does "the basics" - everything a typical device of its type can do. This specification should be public, preferably with open-source drivers. Even without drivers, those who need to can write drivers from the specification. For a high-end video card, this should be everything that a low- or medium-end card could do. For an all-in-one printer, this should include basic full-color printing at "typical for its technology" resolutions, basic full-color scanning at "typical for its technology" resolutions, and b&w and color faxing. For a high-end sound card, this should include at least 2-channel sound. For a communications device, it should include all internationally-accepted standards that the device supports, but need not include the most efficient or highest-performance embodiment of those standards.
Most important is full disclosure:
Any device that doesn't provide a full, published specification of "everything" must disclose the limits of the published specifications, so buyers will know exactly what they are buying: a device that, should problems be found with the drivers, or when used with operating systems without supported drivers, is limited to a specified downgraded functionality.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The OpenBSD Project has been warning about the dangers of binary blobs - security and otherwise - for years now. Indeed, binary blobs were the theme of the OpenBSD 3.9 release (as mentioned in the kernel trap article).
Perhaps people will now start to wake up and realise that these kinds of drivers are unacceptably dangerous, both for immediate system security and for future hardware freedom. Slimy vendors like NVidia, Intel and Atheros have been trying to shove this crap down our throats for some time now.
Free software users need to unite and say NO to binary blobs! Let's kick this crud out of our operating systems!
The moving cursor writes, and having written, blinks on.
Am I the only one who can't get worked up about this exploit? I mean, I should be thinking, "this is happening because of X, we should do Y to fix it!" And yet, I just can't develop an opinion either way. It's not that I'm wrestling with myself, it's just that I don't care.
;)
Analyzing this, I think the reason is that the NVidia and ATI drivers are a PITA everywhere. By installing the drivers, you agree to destabilize your system in exchange for the most incredible 3D (and 2D, to a certain degree) performance. When Something Bad Happens(TM), you just sort of take it as coming with the territory.
It's sort of like hooking Nitro up to your car. Sure, your engine is more powerful than ever. But are you really all that surprised when you bust a valve, crack a ring, or do some other form of damage to your hotrod?
It would be nice if OSS drivers could be created. But it's probably not going to happen. NVidia won't open their drivers (ATI, doubly so) and the OSS community doesn't have enough info to recreate them. Thus I think the best bet is the Open Graphics Project. If they produce a viable 3D card alternative, you'll finally be able to choose between a stable (but slower) 3D card, or a high-performance, hotrod 3D card. Take your pick to meet your needs.
Oh, and keep a firewall in front of your machine and the internet. Pipe all your X communications over SSH. Just good safety sense.
Javascript + Nintendo DSi = DSiCade
I used to putz around with the nvidia drivers and finally just said screw it, and my dang card still works! My thanks to the true open source guys. Binary blobs *sucketh*. If I want to run binary blobs I'll just install Windows and be done with it... but I don't! I am not going to compromise principles any longer and "cheat": open source, or they can eat my shorts.
Too bad this is all hot air. Intel haven't released full specs, just partial specs under NDA to a handful of people. They play no other part in the development of the drivers (for liability reasons, they got volunteers to do the drivers for them). And some important features require a binary blob.
Intel does not have FOSS drivers.
That machine is a desktop / workstation anyway, and has no, or almost no (ssh being an only exception) means for anyone to obtain a non-console login in the first place. OTOH, a person physically sitting on a machine has no need to exploit it. Again, who cares?
How many people use the nVidia cards in their servers? None, I guess. nVidia, and most 3D cards, are used on personal systems, with one user, who is usually root. If that user can use a root exploit to become root - so what! Remember that you have to be able to control the X11 display server to take advantage of this, which means you *have* to be logged in locally or be root.
Whilst I agree with the principle, I don't think this bug will have *any* impact, as most home boxes have no accounts accessible from the internet that are able to run X11. If they have, they probably have bigger problems. Same goes for people running untrusted code that can execute this: it could as well provide a shell, or whatever. Yet, the problem is then *untrusted* code. A person that runs untrusted code can probably be coerced into running that as root as well.
So my guess: zero impact!
Assembling etherkillers for fun and profit
How many root exploits have been found for this driver, and how many have been found for open-source elements of the kernel while this driver has existed? Touting this as a reason to drop the closed-source driver is nothing but politics and fearmongering; you guys should know better.
Not everyone runs a display that the standard 'nv' driver supports. Wide panel displays tend to have issues running with that driver since the resolutions are often odd sizes like 1440x900. I have to use the nVidia drivers to get the display to look right and use its native resolution. I know many laptop owners also have similar problems as well. It's easy to say "just switch to the open-source one", but it's not as refined or functional as the real nVidia driver. Hopefully folks will fix the resolution limits on that soon.
According to the first comment over on kerneltrap, this was fixed by NVidia last month in a beta release. However, the issue in question was not mentioned in the release notes.
http://kerneltrap.org/node/7228/
http://www.nvnews.net/vbulletin/showpost.php?s=8767d1f473f5e912c412a23e19a8dc3&p=1027749&postcount=11
http://www.nzone.com/object/nzone_downloads_rel70betadriver.html
I'm not giving up my 3D. It's as simple as that; the open source drivers SUCK. You want me to use your open source 3D drivers, then GET TO WORK and make them faster than the nvidia ones. Looks like a LOT of Linux boxes are going to have security holes (assuming nvidia don't fix this quickly, which I bet they will). DRI has had TERRIBLE performance compared to nvidia for years. FIX IT, then we'll make our systems secure. Fact is, if it's a choice between a security hole and my games and HD movies, I choose my games and HD movies. I can't get 1080p playing back in software mode without stuttering, and this is on an Athlon 64 X2 4400+, 3GB RAM and a GeForce 7600GT. Open source graphics have and will continue to suck for a long time.
Apparently, the bug/exploit was fixed in the 9625 beta release. http://www.nzone.com/object/nzone_downloads_rel70betadriver.html
https://bugs.freedesktop.org/show_bug.cgi?id=3654
"The "nv" driver currently can't change the BIOS-programmed display timings. Unfortunately, this is not something that we can fix right now."
This just sucks, IMHO.
Theo LOVES to say "I told you so"
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Do you have a better suggestion?
Well duh! Our only course of action is to bitch about it on /.
Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".
The problem is the same as why you shouldn't run as root all the time. If you use any networking app (such as Mozilla/Firefox) and it has any sort of code execution vulnerability (such as buffer overflows), then a potentially untrusted user could run code under your account, just by creating a buffer overflow using a specially formed web page or image file or mail/news message. With this vulnerability, they can gain root access too. Do anything they want.
It's so wonderful that ATI makes such crappy drivers that you can get decent open drivers for ATI cards.
So this is gonna fuel the debate whether binary drivers are ok or not? WTF? Whether drivers are binary or not has absolutely *NOTHING* to do with whether there's an exploit or not. This is only gonna be abused by the 'all FOSS at all costs' faction. Linux and OSS owe a great deal of their success in recent years to the all-out 100% fully official support of Linux by Nvidia. Knowing Nvidia, they'll have a fix out at least as fast as any OSS project. Cut them some slack already. It's not as if everything else in the Linux world has never had an exploit.
We suffer more in our imagination than in reality. - Seneca
Maybe this is related to the fact that a 1280x1024 checkerboard image that I have is able to freeze my system solid. Or at least it was able to do so in the past using the nvidia driver but not the nv driver. I don't want to test it on my current setup because I don't feel like rebooting.
Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".
So what are you? A Linux+ATI fan? w00t - you finally get to hit back. So now the nVidia folks know what it's like to run Linux without 3D support.
Boy, you showed them, tough guy.
Hey ... my neighbor runs Linux with an nvidia card. And he was showing me some fancy 3D stuff that my XP can't do. So I can hardly wait to turn the tables and take over his system. So what is step 1 ...
:(
Oh, I see, first I have to break into his house.
It wouldn't render fonts correctly for me unless I turned off the render acceleration, and even then fonts wouldn't render under WINE.
Much as I'd like to have the acceleration features of the card, I can't until nVidia figures out how to get their drivers relatively bug-free with FreeType and Xorg R7. That might take a while, so I'll just have to bide my time with the stock "nv" driver. Google Earth will be incredibly slow for me until that time:
* * * * *
It's only when you look at an ant through a magnifying glass on a sunny day that you realise how often they burst into flames.
--Harry Hill
http://www.nzone.com/object/nzone_downloads_rel70
as well as the 1.0-9626 QuadroPlex driver:
http://www.nvidia.com/object/linux_display_ia32_1
http://www.nvidia.com/object/linux_display_amd64_
Thanks
It's things like this that make it clear that we need the OpenGraphics project. If you can, then please support them and let's get a truly open graphics card out there that does decent 2D and 3D with truly open drivers.
I'm running 8774 on Gentoo, where's my security patch? I think that's it for nvidia now, not releasing an advisory and timely patch is unacceptable. I've no idea why I keep buying their cards anyway, I've done perhaps 24 hours 3D work in the past 12 months. Excuse me while I switch to nv.
Blob! (mp3)
Note that you're only allowed to use Linux under the terms of the license it's released under. It can be prohibited in the same way that Microsoft can prohibit you from cloning its OS.
>This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.
This is the point. NVIDIA's driver is *NOT* part of Linux, but a loadable module distributed only in binary. Thus it is not subject to the scrutiny of quality, security and reliability testing that code must pass before being officially merged into the mainline kernel. Reported recently: real-time support has arrived for Linux 2.6.18, but the code has been usable for years if one were prepared to patch and compile their own kernel. Only now has the code been deemed satisfactory for introduction to the unpatched vanilla Linux at kernel.org. The truth is, this policy works. How common is it that you have a kernel panic?
So the free nv driver in Linux is certainly more secure and stable, as it is refined by hundreds of kernel developers. Yes, NVIDIA can write a driver that gets better FPS - it is their hardware, for which they don't share the documentation. But this driver is the work of fewer developers, and to NVIDIA their Linux drivers are of fractional importance compared to those for Windows. The binary is compiled on one machine for its specific kernel, so it can suffer incompatibility problems unless you run a fairly standard major version of the kernel.
if you used closed source drivers on a machine that you need to be secure, you're a dickhead.
How we know is more important than what we know.
For those who whine about "open source zealots who whine about open source drivers":
LWN.net (as usual) has a great write-up of the reasons to insist on open source drivers.
There are several good reasons. Open source drivers are *important*. It cannot be said that one truly supports Linux if one only does so with closed drivers.
I'll be in the market for a monster computer early next year. Planned to go AMD, but since there is no PCIe based card with open source drivers, I think I will have to go with Intel just to get their GMA3000 integrated graphics. It's that important.
(Although, the reverse engineered R300 drivers might be good enough by then. If so, AMD might be an option.)
This is the best advice they could give you at this time because it's your only recourse to keep safely using the hardware while you're waiting for the vendor to get off its ass.
Compare this to the vulnerabilities of open source software on Bugtraq et al., where the diff to fix it is included in the disclosure mail.
Methinks you've completely missed the usefulness of "switch to Linux" as a response to closed source bugs.
I have never gotten dual-head support out of the OS nv driver; the nVidia closed-source drivers work for dual-head workstations.
As has been mentioned, why get an nVidia card for your server? And this may be a moot point for single-user workstations. But do not assume that the nv driver is a panacea.
"Never bullshit a bullshitter" All That Jazz
Hardware vendors, be they printers, video cards, or what-not, should work to 2 sets of specs:
If you want them to go through all of this effort, there has to be a real financial benefit to them. I fail to see where it is in this case.
Will they realize some new business as a result of this extra work? Will they lose any significant number of sales if they choose not to do it? Doubtful.
If you mean "should" in the altruistic "do it because we'd really like you to" sense, well... remember, nVidia is a closed-source, for-profit company. Show them the money and it'll happen.
You run X clients all the time. Say, firefox or thunderbird for instance. I can send you an email or a URL that will exploit this. Any X client can exploit it, and it's trivial to get any HTML-displaying X client to exploit this for you, since it's such a moronically trivial hole.
And no, I don't have the faintest idea why things are this way.
It's about DRM. With a closed source driver AND no specs on how to access the hardware, vendors like NVidia and ATI can effectively prevent you from displaying (or capturing) material with nasties like MacroVision etc... If they opened the HW specs, circumventing this crippling feature^Wbug would be easy as pie. Therefore, they don't.
cpghost at Cordula's Web.
Not only is it closed source, I bet they prioritise execution time and quick development over getting the security right. (After all, it makes commercial sense to do so, at least until there's a high-profile remotely exploitable security hole due to it. And of course, that'd never happen - after all, it's just a graphics card driver, right? There's obviously no way someone could use that to get remote code execution...)
If you detected sarcasm in the previous paragraph - congratulations!
I think including "closed-source" shows a useful distinction. I don't know anybody who wants to smear Nvidia, however we have to uphold the principles that Open-Source Software stands for. (I won't go off on the diatribe, we've all heard it.) It was definitely worth noting that the vulnerability was not caused by Open-Source software. After all, we don't want anybody smearing our community name either.
Open Source 3D capable drivers for nvidia are under development by the Nouveau Project , stay tuned or just help them out!
"Score: 4 Informative", or does everybody just know that?
The nouveau project is actively working on a free software driver for nVidia cards that will hopefully replace the nv driver one of these days. They could use some help.
http://nouveau.freedesktop.org/wiki/
http://wiki.x.org/wiki/nv
You fucking losers. If only you dropped your zealot attitudes and used Windows, you'd have the choice of NVIDIA *or* ATI, powerful cards with full 3D acceleration without the issues of a security flaw. This is so fucking sad you have to debate these issues; with Windows you wouldn't even need to think about it, just buy the card and you're set. Viva la Windows!
(yes, fine, call me a troll, but there's a reason ATI doesn't bother much with Linux anyway. There's no god-damn point.)
Quite often, something free is worth what you paid for it. nVidia has absolutely first-rate drivers, and while it's nice to think that there are millions of talented driver writers out there just waiting for a chance to make good drivers, that's just not the case. Writing good drivers isn't easy; that's one of the reasons nVidia is so popular with many: their top-notch team does such a good job of it.
Also, they just can't. They have licensed code in their drivers that can't be opened up. Want real OpenGL? Well, then you takes what you gets. OpenGL isn't free to hardware developers. It's $25,000 to $100,000, plus royalties for distribution, and it does come with terms and conditions on its release. There are also licenses on patented code like S3TC in there.
Now if the Linux community wanted to develop their own graphics API that was unencumbered, then maybe you could convince the companies to open their code up. However, if you want a full-featured GL driver, you are going to need to deal with closed source, at least from nVidia and ATI, since they've both already signed licenses on it.
This is a buffer overflow in the closed-source Nvidia X11 driver, not the kernel modules. As far as I'm aware, Nvidia has no binary blobs that get loaded into the Linux kernel. ATI does, but Nvidia doesn't, all their kernel modules are open source.
And for the record, X11 drivers run in userland, as root so they can access hardware ports directly. There's no real reason for them to require root, except that allowing any process to access hardware ports will undermine the security and stability of the system. What you could do is use capabilities to give X11 the ability to access particular hardware ports directly and run it as a regular user instead of root. As long as only root can assign the capabilities you'll be fine.
How we know is more important than what we know.
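The comment above proposes running the X server as an ordinary user that holds only the capability it needs for raw port access instead of the whole root set. As an added example (not from the thread, and not NVIDIA's or X.org's code), here is a small checker that decodes the Cap* lines of a Linux /proc/<pid>/status file and reports which effective capabilities a process holds beyond an allowed set; on Linux the capability that covers ioperm/iopl port access is CAP_SYS_RAWIO. The two status samples are constructed, not captured from a real machine.

```python
"""Decode a Linux process's capability sets from its /proc/<pid>/status text.

Added example for the least-privilege suggestion in the comment above: a
display server confined to CAP_SYS_RAWIO exposes far less if a bug in it is
exploited than one running with the full root capability set.
"""
import re

# Capability bit numbers 0..37 as defined in <linux/capability.h>.
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read",
]

# Lines look like "CapEff:\t0000003fffffffff" (hex bit mask).
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")


def parse_cap_sets(status_text):
    """Map each Cap* line (CapInh, CapPrm, CapEff, CapBnd, CapAmb) to an int mask."""
    sets = {}
    for line in status_text.splitlines():
        m = CAP_LINE.match(line)
        if m:
            sets[m.group(1)] = int(m.group(2), 16)
    return sets


def cap_names(mask):
    """Names of the capability bits set in mask; bits beyond the table become cap_<n>."""
    names = []
    bit = 0
    while mask >> bit:
        if mask & (1 << bit):
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}")
        bit += 1
    return names


def excess_capabilities(status_text, allowed=("sys_rawio",)):
    """Effective capabilities the process holds beyond the allowed set.

    An empty list means the process is confined to what it was granted; every
    name in a non-empty list is a privilege a code-execution bug in that
    process would hand over.
    """
    eff = parse_cap_sets(status_text).get("CapEff", 0)
    return [name for name in cap_names(eff) if name not in allowed]


def status_of_pid(pid):
    """Read /proc/<pid>/status for a live process (Linux only)."""
    with open(f"/proc/{pid}/status") as fh:
        return fh.read()


# Constructed samples: an X server running as plain root with all 38 bits set,
# and one running as uid 1000 that kept only CAP_SYS_RAWIO (bit 17 -> 0x20000).
FULL_ROOT_STATUS = (
    "Name:\tXorg\nUid:\t0\t0\t0\t0\n"
    "CapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n"
)
REDUCED_STATUS = (
    "Name:\tXorg\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000020000\nCapEff:\t0000000000020000\n"
)

if __name__ == "__main__":
    for label, text in (("full root", FULL_ROOT_STATUS), ("reduced", REDUCED_STATUS)):
        extra = excess_capabilities(text)
        print(f"{label}: {len(extra)} capabilities beyond sys_rawio: "
              f"{', '.join(extra) or 'none'}")
```

On a live system, `excess_capabilities(status_of_pid(pid))` for the X server's pid shows how much a compromise of that process would yield; the first sample reports 37 excess capabilities, the second none.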
Your suggestion to change the subject of the post to remove "Closed-Source" is unfounded. There *IS* actually an open-sourced driver for nVidia, and the problem is only with the closed (accelerated) driver.
Scott Dowdle
www.MontanaLinux.Org
>> It's also the version without GL support. Without GL support you might as well have a Mach64 in there.
:-)
Well since you mention Matrox, get their G550 which has both GL support *and* open drivers.
The Matrox G550 PCIe card works perfectly with the pure open-source mga driver that comes as standard with all recent kernels. I've been using it in my Dell 2800 server, and its record of reliability is 100%.
Matrox even boldly proclaim their Linux source driver support on the box. That's quite unusual!
The card also has the distinction of being the only graphics card in existence that can run in a PCIe slot of 8 lanes or fewer, as it's a 1-lane card (all other PCIe graphics cards use 16 lanes), which means that it will work in traditional "server" chassis that tend to have 1/2/4/8-lane PCIe only.
And it's cheap and fanless too! I'm pretty impressed with it.
I wonder just how relevant such a vulnerability is to the real world at all?
I have yet to see a single server using nVidia cards - let alone running X at all. (Okay, I know, some ex-Wind0ze admins like to run GUIs on servers.)
The rest of the *nix systems using the nVidia blob driver are workstations with single user and administrator in one person. Just like I have at home. The bug is irrelevant.
IOW, I'd rather rename the topic to "Bug in nVidia closed-source Linux driver". It's just stupid calling every crash/panic a vulnerability.
All hope abandon ye who enter here.
The Matrox G550 PCIe card works perfectly with the pure open-source mga driver that comes as standard with all recent kernels. I've been using it in my Dell 2800 server, and its record of reliability is 100%. While it's a lot slower than the blinding speeds you get from ATI or nVidia's binary blobs, it does do 3D perfectly. (And video and Flash too.)
Matrox even boldly proclaim their Linux source driver support on the box. That's quite unusual!
The card also has the distinction of being the only graphics card in existence that can run in a PCIe slot of 8 lanes or fewer, as it's a 1-lane card (all other PCIe graphics cards use 16 lanes), which means that it will work in traditional "server" chassis that tend to have 1/2/4/8-lane PCIe only.
And it's cheap and fanless too! I'm pretty impressed with it.
How many kernel exploits have there been in the open-source part of the Linux/FreeBSD kernels in recent years?
Granted, open-source allows you to audit/fix it yourself, but it's not a magic bullet.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
http://lwn.net/Articles/204543/
This is fixed in the driver nvidia has marked stable.
(a) using an open-source wrapper, so their real driver doesn't use any of the Linux kernel interfaces directly,
.... (fill in here).
The glue code links to the kernel directly. So it must be GPL. The user space code links to the glue code directly. So it must be
where it says switching away from linux that should have been switching away from windows.
note: I'm known as plugwash most places, but I screwed up registering that here somehow in the past and now can't register.
Ok, I for one am all for a happy medium between these 2 groups. These companies are trying to stay on the bleeding edge of technology. They are also major employers of geeks and nerds (our brethren). They have to have fundage to push technology forward. Yes, I run Linux on every computer I own, but people have to realize that 95% of consumers don't care. They just want everything to auto-magically work. Until this happens Linux will be a minority. If Nvidia open sourced their driver their competitors would have the upper hand, and they wouldn't be so "bleeding edge" anymore and would have less money for R&D and to pay their programmers. From a business perspective, they would lose way more than they gained from the deal. To be honest, most "bleeding edge" OSS software is buggy too. I think id Software's model of GPL game engines is the ideal model in this case, but oh well. Sure it gets on my nerves that companies won't develop for Linux... I make websites; a native Linux Flash authoring tool would really make me a happy camper. When a company, commercial or not, develops for a platform I love, I happen to jump for joy and praise the gods... Nvidia's cards work and rock in Linux... Don't you people ever appreciate what you have? I thank nvidia every day for making good quality Linux drivers. Are they perfect? No, but then again nothing ever is.
"This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux."
Allowed huh? I thought linux was about having choices. How is preventing binary drivers from working with the linux kernel true to the free mantra of the FOSS crowd?
A mark of a successful free system is that it allows people to use it in ways that the creators didn't intend and are actually offended by. How does the old saying go? Consistency is the hobgoblin of small minds.
Has anybody tried to do this on Fedora Core 5? They have basically annihilated buffer overflows due to their usage of things like IBM ProPolice, with everything compiled to run on FC5. I spent an entire semester studying work-arounds so we could obtain root level exploits, but almost all stack based methods are useless against that platform, and only some heap-based overflow methods are remotely possible.* Programs running on FC5 at the moment are very difficult to attack in this classical manner, and it is usually on these GUI-oriented distros (fedora, ubuntu, etc.) that you find any need for 3D acceleration.
Note that heap overflows are rather rare. Note also that FC4 is perfectly vulnerable to all kinds of attack.
First comment all day that made me laugh.
kdawson needs to spend less (or maybe more) time on MySpace.
The OpenGraphics.org project will release a 3D OpenGL enabled graphics card with full specifications and schematics so that FOSS developers can write open source drivers for Linux and BSDs. The consumer graphics card (code-named OGA) will be released after a development board (code-named OGD1) is produced. The key step is to make enough revenue (around $2 million) from selling the multi-function development board to fund the mass production of the consumer card.
Unless there is a wealthy individual / corporation out there who is willing to invest in order to manufacture this card earlier. The FOSS-friendly card will surely have a big appeal in Linux circles.
It seems that the original forum post, found here http://www.nvnews.net/vbulletin/showthread.php?p=931048
stipulates that you use the nvidia driver aka 'nvidia' in correlation to gedit. This will crash X.
HOWEVER
if you were to use the driver 'nvidia' with Kate, this would not crash it.
nvidia driver flaw? yes, noting the use of gtk in addition
``This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux''
As if root exploits never occur in open source software.
Please correct me if I got my facts wrong.
I mean, it's not like anyone out there actually has a disassembler or anything. If there was anything worth digging for in their binary drivers, someone would have disassembled that bit and posted it as code already.
Weaselmancer
ridiculous.
The article indicates that visiting the wrong web page while equipped with the faulty driver is enough to get you rooted.
Nvidia driver has no such protections..
There is no DRI driver for NVidia cards. You aren't comparing NVidia's drivers to DRI drivers, you're comparing them to pure software rendering. For an apples-to-apples comparison, compare, say, the current DRI r200 driver on a Radeon 9250 to NVidia's driver on a similar (DX8-generation) GeForce.
The vulnerability also applies to browsing websites with a local X client (e.g. posting on slashdot). Even a non-malicious site can exhibit a DoS if it contains long INPUT fields. (I think that was visible, not logical size.) So you can get rooted while browsing random sites.
I love you all and I hate all blobs.
I use one blob and I hate it: nvidia.
But there is no TV-out with nv.
That *is* a problem. I agree with RMS and TdR.
And still, I want to watch movies on the tube. So how?
Ignoring the argument of Binary vs OSS drivers for a minute.
The root of this problem is 'C'. The nVidia programmers have way too much power. Buffer overruns, string comparisons, memory access, pointer arithmetic. These features need to be banned from modern computing.
Just last week over prune juice, I was telling Linus, Theo, and Dave Cutler why they should only allow C#/Java/Python based video drivers in their kernels.
Enjoy,
It's just the normal noises in here.
This is a buffer overflow in the closed-source Nvidia X11 driver, not the kernel modules.
That statement is total fiction.
The closed-source nVidia X11 driver *IS* a kernel module. Just type "lsmod" and look for something called "nvidia" with a size of 4 meg or more. That's the binary blob mentioned in TFA. And it's pretty obviously a kernel module or it wouldn't appear in lsmod.
You seem to have got confused by their GPL shim, which is just a hook that they link to in order to be isolated from regular kernel structure changes. The actual driver is completely contained in their closed source binary blob, and that loads into the kernel just like any other module.
Will they patch the legacy drivers too?
I, for one, have a TNT2 PCI video board to run a second monitor.
(And I'll not mention how closed-source sucks, for the risk of being modded redundant.)
factor 966971: 966971
Hey, call me dumb or whatnot but I actually bought an ATi Radeon x1900 to put in my Linux box to do a dual-head setup. I have to use the fglrx drivers to get the dual head to work, naturally. But you know what? They actually DO work (and work well) and it wasn't any more difficult to get them to work than NVIDIA's drivers. About the only kvetch with them is that XVideo is a little funky, so I watch my movies with xine outputting to OpenGL and not XVideo. Not a big deal at all, and the card is some kind of fast...
Just "gittin-r-done," day after day.
As someone who runs as root all the time, "full access" to my system basically means anything that I'd otherwise need access to with a limited-user account. For most of you, this is /home/x. For me, it's many places. Wherever its location, if I ran as a limited user account I'd still need full access to every last IMPORTANT file on my system. /lib can be replaced. /bin can be replaced. /home is gone whether I'm root or not, and that's what can't as easily be replaced.
As for not needing root for 99.999% of tasks, I suppose if web browsing and solitaire is what you spend your time doing on a computer, you're correct. However, an awful lot (99.999%) of how-tos specifically mention using sudo in them for a reason - it's a pain to administer your system as a non-root user.
Pretty much by definition, if I can do almost all of what I need without being root, I might as well be root anyway. Because at that point an attacker can do the most damage possible anyway.
I can re-install my OS. I can't re-install my data (not as easily, anyway). There's simply no need to avoid root on a single-user, desktop system - unless you seriously worry about rm -rf 'ing your system by mistake.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Oh, and keep a firewall in front of your machine and the internet. Pipe all your X communications over SSH.
And don't surf the web, read email, use java applets, look at documents with fancy fonts embedded, watch flash, etc.
If you read the fine article you'll see that this particular root exploit can be done through essentially any application that can hand defined fonts and a text string using them to X.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
We don't see the world as it is, we see it as we are.
-- Anais Nin
Computers are already filled with binary blobs in their CPUs, BIOS and so on.
I don't see the difference in quality, most software is crap whether OSS or closed source.
There have been 2 year old problems in open source code as well. There are flaky open source drivers, and open source software that's full of holes. One could even argue that PHP is more evil than nvidia's binary blob...
The old open-source Netscape was a multiyear security problem, so much so even till today I look at Mozilla/Firefox with suspicion - and my suspicions seem to be justified every month or so...
The big problem is on Linux the nvidia driver code has high privileges and there's no way to get around that other than not use the driver. In contrast I run Firefox using a different user account from my main user account, so any normal browser exploit won't affect my other accounts.
Any linux driver level exploit can just bypass that. Whether or not it is closed or opensource if there's such a bug it'll be the same problem.
The only difference supposedly is that the fix could be faster if it's opensource. BUT even that's not guaranteed - not that many people understand the big picture enough to make a decent fix. I have seen cases in the OSS world where a volunteer's quick fix is not accepted by the main developers because it's not good enough or could cause other problems.
There's currently no incentive for Nvidia to make much better quality drivers since it seems that ATI's drivers are even worse, and Matrox just isn't much of a competitor. There appears to be insufficient incentive for Nvidia to release sufficient specs to allow the OSS community to write full-featured open source drivers for Nvidia hardware.
If anyone can come up with compelling reasons that will _benefit_ Nvidia enough please do. Just saying "binary blob = evil and OSS = good" is pretty stupid.
We all know that there never have been open source drivers with root exploits, right? Clearly open sourcing the drivers is the solution.
I'm gonna go out on a limb here and guess that this root exploit only works if you're running code that exploits it on your computer.
My suggestion: don't run any untrusted code on your computer! De de deee!
Just like normal, use a bit of caution.
I'm sure nvidia will fix it soon anyway.
I run Ubuntu Edgy plus Beryl compositing window manager (the community-maintained fork of AIGLX + compiz) using the 'radeon' driver on my x700. Free as a bird.
A lot of people really seem to miss the point about exploits that can only be used locally... These are still every bit as serious as remote exploits!
If you follow best practices, you'll probably end up with a system where any vulnerability only leads to access as a user. But when there are local root exploits available, you can escalate that user access to root access and hide your rootkits there.
So with this Nvidia bug, the real risk is that another service gets compromised and the attacker then uses this exploit to get root. Once they have root, they can install rootkits, etc.
Except that, with modern OSes, especially with open-source ones, the BIOS itself is only used to start up the computer, initialise the hardware and boot up the OS. From then onward, the BIOS is mostly unused and the OS's drivers kick in. You seldom hear of root exploits using BIOSes (apart from some very weird and rare ACPI case).
And, besides, there exist open-source projects to provide an open-source replacement for those who need to use their hardware in ways which weren't initially planned.
Firmwares are the only blob that is really widespread today, and as they don't run on the CPU they aren't really part of the OS and aren't very exploitable either.
Except that in this case, nVidia isn't helping at all to build something other. They don't release any specs or whatever that could be used to build some nVidia support into free software beside a limited 2D nv driver.
And open-source isn't only about security: it's also about freedom of choice. Which includes the freedom to run your software on whatever piece of hardware you choose (or at least, manage to compile it for).
nVidia produces PCI GeForce FX cards (cards that support DirectX 9 level shaders). PCI connectors are found in a very wide range of machines (including PowerPC based, Sparc based, Itaniums, etc...). But you're stuck at only being able to run them on x86 processors and more recently x64 processors.
Linux and other free software like GNU, being open, could be used on a very wide range of devices, and used in amazingly creative ways that Linus and RMS themselves haven't thought about (see "Linux will never be ported to 68k" or "GNU cannot be run on DOS"). If binary blobs start to proliferate under Linux, you'll be stuck: limited to only what usage the blob developer has decided to spend time supporting. You start losing the advantage of running Linux and in the end there won't be much point running Linux instead of Windows.
Last but not least, open-source drivers allow old hardware to keep being supported. As long as there's a big enough community of users, old hardware will still get drivers developed for it. As examples I'll point to the Voodoo gfx cards: 3dfx went bankrupt long ago, but because the Glide driver source was released and because you find other good open-source projects like Mesa3D, there are still community-made drivers for it, including for Windows 64.
Whereas, on the other hand, a blob maker may drop support for some old hardware at some point even if there are still users around... in a way they need to sell hardware to earn money and dropping support for old hardware may entice people to buy newer hardware.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I for one want graphics cards which don't cost anything, and I think everyone in the world would prefer free graphics card drivers (Free as in beer). It isn't going to happen though is it? Nvidia aren't going to make any money that way.
It is for exactly the same reason that nvidia claim they can't release the specifications for their cards, and make available their trade secrets.
Sometimes it doesn't matter what the consumer wants; it's not a sensible business decision. In fact, I would go as far as to say it could be an impossible business decision, one which could govern whether the company stays in business or not.
People can argue what they like, but if Nvidia think (and clearly they do) that releasing opensource drivers will compromise their business then there's nothing anyone can do.
And Nvidia aren't alone! ATI won't release specs for their modern cards, so it seems that several people agree this is very bad for their business.
And finally, as with intel, I am happy to opensource the drivers to any graphics cards I make.. of course, I can't program, neither do i know much about electronics... and most importantly, opensourcing my drivers is not going to affect how competitive my graphics card is... after all, it already isn't competitive..
I have just installed NVIDIA-Linux-x86-1.0-9625 and it seems ok so far. I've visited a few of the troublesome links with firefox 1.5.0.7 and it's not crashed X yet. I was using NVIDIA-Linux-x86-1.0-8762 before the update, and several times I've had X crap out on me. I don't believe I was r00ted though, after reading about the glyph problems. It can also be triggered by a long "get" request, or long lines of text in a form field. I was using TinyMCE when it first happened to me. Here's a test url that supposedly crashes X from firefox - http://comptune.com/calc.php?methos=POST&base1=10
I didn't check this before the update though, so it may not be conclusive.
My main complaint about the whole issue is that I only found out because it was posted here. I don't have time to go checking for updates and exploits for all my different drivers and software, that's why yum runs from cron every night. It would have been nice if somebody (nVidia) had posted that a new version was available that fixed potential security holes, or even had a version checker built in to notify me of an update.
Lessee, unless I'm misinformed, de-acronyizing that results in "binary binary large object". So, what's the alternative, an ASCII binary large object?
mark "still speaks English"
I was trying to give nvidia a piece of my mind, but their webform doesn't seem to work. So here are the email addresses I found:
info@nvidia.com
websupport@nvidia.com
for anyone lazy (like me), you might like to peruse this message:
Dear people of nVidia,
Since I care about my freedom and being in control of my own computer and its SECURITY, I choose to run free software only, but you make this very difficult. http://kerneltrap.org/node/7228 mentions a vulnerability in your driver which you have known about for about TWO YEARS. Things like this need to be fixed in ONE DAY. You have managed to completely lose my trust and respect. I will not be suckered any more into buying any product which is not properly supported, because it has superior performance. And properly supported means that the specifications of the hardware and a free software driver are available. I will not surrender my freedom to you or to anyone else anymore, ever.
I hope you will reconsider your actions and release your drivers as free software and make your hardware specifications available, such that current free software drivers can more fully support the features of your offerings, such as 3d acceleration(!) and dual outputs.
Sincerely,
[your name]
"The drivers on that page are "BETA". Not released."
Well, the "nv" drivers not only aren't beta, they are pre-alpha and prehistoric as they don't have any kind of hardware acceleration. Still, the beta 9xxx drivers are a better workaround (and they're already in use in all the bleeding edge systems because of glx_texture_from_pixmap support: compiz/beryl without need of XGL).
Look what I found with my fold-up trenching shovel: it's the original OpenBSD security advisory with diff output dated to 26 June 2002.
This bug can be exploited remotely if
ChallengeResponseAuthentication
is enabled in sshd_config. This option is enabled
by default on OpenBSD and other systems.
Now let's look at some of the points raised in consideration of why it happened and whether it might (or most definitely will) happen again.
b. We could not alert the community that disabling
ChallengeResponseAuthentication solved the problem, since
this would highlight that the bug is in about 500 out of
27,000 lines of code.
One detail we glean here is that OpenSSH has become a rather large body of code. This is the heart of the troubled teenage years of the OpenSSH project, when the body of code is filling out as it enters its adult years faster than a principled audit can keep pace.
3. Short-Term Solution:
Disable ChallengeResponseAuthentication in sshd_config.
and
Disable PAMAuthenticationViaKbdInt in sshd_config.
Alternatively you can prevent privilege escalation
if you enable UsePrivilegeSeparation in sshd_config.
If UsePrivilegeSeparation had been enabled in OpenBSD at that time, they would presently be advertising on their web page having no remote root exploits in the last ten years. Why would they do all the work to create this feature, and then not employ it? Another clue emerges:
h. Some vendors were initially upset by this policy of non-disclosure,
largely because the UsePrivilegeSeparation code was only about 90%
functional in OpenSSH 3.3:
People were upset with the suggestion to employ priv-sep because it wasn't entirely finished yet. What is clear however, is that in the time period leading up to the discovery of this exploit, the OpenBSD team was devoting considerable energy to mitigating the risk at the most fundamental level: reducing the 27,000-line body of code running with root to a far smaller nucleus.
From an old SecuriTeam commentary (emphasis mine).
Once this work was completed, the scope for root exploits (as measured in LOC) was reduced by 90% for all time. Alternately, one can view the new landscape as permitting a factor of ten increase in the resources available to conduct security audits on the 2500 lines of code which retained privilege. Perhaps if the key talent hadn't been so busy implementing priv sep, they might have had the resources available to discover the root exploit before it tarnished their unblemished record. Note that this exploit was not present in the 2500 line kernel that retained privilege.
Furthermore, the actual code defect (in the prospective non-privileged code base) was not discovered by some zit-faced l33t or random black-hat.
e. We believed very strongly that the issue was unknown in the
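As an added illustration of the short-term fix quoted above (example code written for this page, not from the advisory or the commenter): a POSIX shell check that reads sshd_config the way sshd does. sshd uses the first value it finds for each keyword, keywords are case-insensitive, and `=` may separate keyword and value, so a simple grep that finds a later `UsePrivilegeSeparation yes` can miss an earlier `no` that actually wins. The function names `sshd_effective`, `sshd_2002_workaround_applied` and `write_lines` are mine, the sample configs are constructed, and an unset keyword is treated as unmitigated rather than guessing version-specific defaults.

```shell
#!/bin/sh
# Added example: read the effective value of sshd_config keywords and decide
# whether the 2002 advisory's short-term workaround is in place.

# sshd_effective FILE KEYWORD
#   Print the effective (lowercased) value of KEYWORD, or nothing if unset.
#   Mirrors sshd's rules: first occurrence wins, keyword is case-insensitive,
#   '#' starts a comment, '=' is an optional separator. Parsing stops at the
#   first Match block; conditional overrides are out of scope for this check.
sshd_effective() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    { sub(/#.*/, ""); gsub(/=/, " ") }      # strip comments, normalise "="
    NF == 0 { next }                        # blank after stripping
    tolower($1) == "match" { exit }         # global section ends here
    tolower($1) == key { print tolower($2); exit }   # first value wins
  ' "$1"
}

# sshd_2002_workaround_applied FILE
#   Exit 0 if the advisory's mitigation is present: either privilege separation
#   is on, or both challenge-response and PAM keyboard-interactive auth are off.
#   Unset keywords count as NOT mitigated (defaults differed between versions).
sshd_2002_workaround_applied() {
  psep=$(sshd_effective "$1" UsePrivilegeSeparation)
  cra=$(sshd_effective "$1" ChallengeResponseAuthentication)
  pam=$(sshd_effective "$1" PAMAuthenticationViaKbdInt)
  [ "$psep" = yes ] && return 0
  [ "$cra" = no ] && [ "$pam" = no ] && return 0
  return 1
}

# write_lines FILE LINE...  (helper to build constructed sample configs)
write_lines() {
  f=$1; shift
  printf '%s\n' "$@" > "$f"
}

# Demo on three constructed configs (not from any real host).
trap_cfg=$(mktemp); cra_cfg=$(mktemp); psep_cfg=$(mktemp)
write_lines "$trap_cfg" 'UsePrivilegeSeparation no' \
  'ChallengeResponseAuthentication yes' \
  'UsePrivilegeSeparation yes'                     # later "yes" does NOT win
write_lines "$cra_cfg" '# hardened per advisory' \
  'ChallengeResponseAuthentication = no' \
  'PAMAuthenticationViaKbdInt no'
write_lines "$psep_cfg" 'UsePrivilegeSeparation yes' \
  'Match User nobody' \
  '    ChallengeResponseAuthentication yes'        # inside Match: ignored here
for f in "$trap_cfg" "$cra_cfg" "$psep_cfg"; do
  if sshd_2002_workaround_applied "$f"; then
    echo "$f: workaround applied"
  else
    echo "$f: NOT mitigated (effective UsePrivilegeSeparation=$(sshd_effective "$f" UsePrivilegeSeparation))"
  fi
done
rm -f "$trap_cfg" "$cra_cfg" "$psep_cfg"
```

The first sample is the trap: grep would report a `UsePrivilegeSeparation yes` line, yet sshd would run with it off because the `no` comes first.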
In short, this is just some exploit writer trying to be a pain in the ass. This is not being actively exploited, 99% of users have little or no exposure to this.
Let me summarize:
Him: Closed source drivers are bad...
Us: Why? I like my graphics, it works well. I'm happy.
Him: (*writes exploit*) See, that's why! Bad bad baaaad!
No worries. First off, they can never place restrictions on how you may *USE* GPL'd software.
Linux can only make it really really annoying to use closed source drivers. They can forbid redistribution without source code, and that's it. But to take it any further than that, by say, refusing to load non-GPL kernel modules, they would be falling into the very same trap that GPL3 is trying to eliminate. The so-called "tivofication", where the software is open but if you change it, it ceases to function.
>> So my guess: zero impact!
Agreed. Nobody cares.
*yawn*
It's like this... All software has bugs. Some bugs can be exploited. Nothing is risk free. You can't patch what you don't know exists. If I have remote network exploit against FreeBSD, and I don't tell anyone, it's not likely to get fixed anytime soon. Now some might argue that no such thing exists. But you can't say it's impossible can you?
But what about closed source network drivers? Wifi maybe...
Oh you're using one now?
What happens if there's a driver exploit for that?
Uh-oh...
Already happened... oops.
So we have three possible routes to privilege escalation. One, the person already has shell access. This is rather rare these days. In any case, you can restrict access to X to only those people you trust or can hold accountable. Two, a remote X client. Who allows remote X connections these days? Require shell access with X connection tunneling through SSH and see #1, above.
Three, you are running an X based web browser and visit a malicious web page. Okay, to prove this is not an issue, let me quote from the article again:
Okay, to work, the exploit needs to provide glyph data to be rendered. From the sound of it, without being able to supply arbitrary glyph data, the best that an attacker can accomplish is a DoS for as long as you are visiting that site. So, practice safe browsing, turn off embedded fonts, Flash, and Java for untrusted sites.
I am predicting that this exploit will not affect many people.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
It's a buffer overflow due to font heap alignment. You can easily do that with embedded fonts in websites (works since version 1.09 of firefox).
Security is not only a concern to servers since any desktop is a potential machine that can be used for spam.
Hell, if only I had the time I could just create a site with such fonts and post it here to make a point.
There is a "work-around" for this exploit: To turn render accel off.
By the exact same argument, the community could have used the disassembled code to make an open-source driver already.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
It's one thing to RTFA, it's another thing entirely to UNDERSTAND TFA.
This funny little prank javascript fills the location field with a massive string of 'a' characters, in the hopes that the browser will freak out and crash. It's old, it's well-known. Read the tail end of the IRC transcript where the dude laughs at the fact that the prankster used nvidia's website to force the javascript to punk the poor guy. He could have tacked the javascript onto any URL at all to deliver this OLD OLD prank.
The *actual* concept exploit is a C program linked in the advisory here (although I am certain it's beyond you):
http://www.rapid7.com/advisories/R7-0025.jsp
From: http://www.nvnews.net/vbulletin/showthread.php?p=1028873#post1028873
You can put
Option "RenderAccel" "False"
in your /etc/X11/xorg.conf file
or
You can upgrade to 1.0-9625 or 1.0-9626
Pretty easy fix. I'm running a job now to secure all 300 of my NVidia lab machines
with the "RenderAccel" "False" line.
-- If there's one thing i can't stand, it's intolerance!
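The xorg.conf line in the post above only helps if it lands in the right place: inside the Section "Device" that carries Driver "nvidia", not just anywhere in the file, and spelled as a value X.Org reads as false. Here is an added POSIX shell check (written for this page, not from the thread, NVIDIA or X.Org) that an admin pushing the workaround to many machines could run afterwards to confirm it took. The function names `renderaccel_disabled` and `mk_sample` are mine and the sample configs are constructed; the accepted false spellings (false, off, no, 0) follow the boolean option syntax documented in xorg.conf(5).

```shell
#!/bin/sh
# Added example: verify that the RenderAccel workaround is present in every
# Section "Device" that uses the nvidia binary driver.

# renderaccel_disabled FILE
#   Exit 0 if at least one Device section uses Driver "nvidia" and every such
#   section contains Option "RenderAccel" with a false value; exit 1 otherwise.
#   A file with no nvidia Device section also exits 1: there is nothing to
#   mitigate, but the caller should know the blob driver was not found.
renderaccel_disabled() {
  awk '
    { sub(/#.*/, ""); line = tolower($0) }   # drop comments, fold case
    line ~ /^[ \t]*section[ \t]+"device"/ { in_dev = 1; is_nv = 0; off = 0; next }
    in_dev && line ~ /^[ \t]*driver[ \t]+"nvidia"/ { is_nv = 1; next }
    in_dev && line ~ /^[ \t]*option[ \t]+"renderaccel"[ \t]+"(false|off|no|0)"/ { off = 1; next }
    in_dev && line ~ /^[ \t]*endsection/ {
      if (is_nv) { nv++; if (!off) bad++ }   # count nvidia sections lacking the option
      in_dev = 0; next
    }
    END { if (nv > 0 && bad == 0) exit 0; exit 1 }
  ' "$1"
}

# mk_sample FILE OPTION_LINE
#   Write a constructed xorg.conf with one nvidia Device section (carrying
#   OPTION_LINE) and one unrelated vesa section. Not taken from any real host.
mk_sample() {
  cat > "$1" <<EOF
Section "Device"
    Identifier "Card0"
    Driver "nvidia"
    $2
EndSection
Section "Device"
    Identifier "Card1"
    Driver "vesa"            # not the blob driver; left alone
EndSection
EOF
}

# Demo: one mitigated config, one with the option set to the wrong value,
# one where the option was pasted into the wrong (vesa) section.
good=$(mktemp); wrongval=$(mktemp); wrongsec=$(mktemp)
mk_sample "$good"     'Option "RenderAccel" "False"'
mk_sample "$wrongval" 'Option "RenderAccel" "True"'
printf '%s\n' 'Section "Device"' '  Driver "nvidia"' 'EndSection' \
  'Section "Device"' '  Driver "vesa"' '  Option "RenderAccel" "False"' 'EndSection' > "$wrongsec"
for f in "$good" "$wrongval" "$wrongsec"; do
  if renderaccel_disabled "$f"; then
    echo "$f: RenderAccel disabled for nvidia"
  else
    echo "$f: NOT mitigated"
  fi
done
rm -f "$good" "$wrongval" "$wrongsec"
```

Run it against /etc/X11/xorg.conf on each machine after the job finishes; a non-zero exit means either the option did not land in the nvidia section or the driver line was not found at all.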
+4/5 Insightful. That's the moderation a post like that would have automatically got in the Good Old Days (TM) before slashdot sold out (in several ways), because slashdot had intelligent moderators who actually bothered following the moderation guidelines, reading at threshold -1, nested and moderating even leaf-node comments.
Yes, they could have, but no they haven't as this would violate Nvidia's license and you wouldn't be able to distribute the driver once you put in all that work. But see http://nouveau.freedesktop.org/wiki/ for a project to legally reverse a driver for Nvidia cards.
It has just one huge problem: the digital output is limited to 1280x1024.
I only need one output. I don't need analog shit at all. I just need dual-link support for something like the Apple Cinema HD Display, 30" at 2560x1600.
I don't even really need the 3D, though I guess I could abuse 3D for scaling video or compositing.
thousands of uber-Quake machines are pwned via their NVidia bung holes.
An irate binary driver user was quoted saying
Like, my machine is pwned and stuff. And now it's like, sending spam and stuff. And like, my ping times have gone to shit! How am I supposed to pwn CS with this?
> The only type of machine this exploit targets are machines with multiple untrusted user accounts. I can't imagine why someone would be running this NVIDIA graphics driver on a server type machine anyway...
Possibilities:
1. Guest access at a library that is avoiding use of Microsoft products.
2. Corporate environments where you might want a secretary to have graphical use but not access to arbitrary files.
3. School environments where lots of students share a few computers.
Hmm... those sound like good places for Linux, where graphics are desirable.
Seriously, the "Only one person will use a computer" response sounds like Microsoft's response to shatter attacks.
> I defy you to point to a model that predicted Bill Gate's recent charitable contributions. You just don't have one.
Alright, how about a model that states that people will invest money wherever they feel that the total return will be the best.
Why give to charity? Why donate time and effort to free software?
Because people feel that the total return will be best.
What is the total return?
That's dependent on the individual.
Some people only look at total funds in their pocket.
Some people look at the improvements to society for the next generation to grow up in
Sometimes that is specifically what will benefit the portion of society that their own children will see, not the world as a whole.
You really want a surprise in economics? How does the success of free software -- specifically, the stuff built and maintained by donated time, not research-fund-backed time -- differ from "the problem of the commons"? Here the commons actually works.