Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Exploit For NVIDIA Closed-Source Linux Driver

Posted by ryuzaki0 on from the dangerous-blobs dept.

possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

10 of 548 comments (clear)

  1. useless suggestion by pe1chl · · Score: 4, Insightful

    Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

    This is as useless as suggesting "Install Linux" when a Windows vulnerability has been found!

    1. Re:useless suggestion by jandrese · · Score: 4, Insightful

      It's also the version without GL support. Without GL support you might as well have a Mach64 in there.

      --

      I read the internet for the articles.
    2. Re:useless suggestion by MoxFulder · · Score: 5, Insightful
      I'm personally tired of this over-zealous open-source push. Nvidia is a closed-source company, but they make good products. Stop villainizing Nvidia and evangilizing this open-source madness to everyone. I use Linux (Arch distro - go Arch!) and the hated "closed-source" driver from NVidia because THEY make their cards and THEY make the best drivers for them.


      As far as I'm concerned, if you're a potential customer, a company damn well ought to listen to you if they want to sell their products. Open-source drivers are a feature that a lot of users want, whether to use cards on other architectures, to fix bugs sooner, to improve their performance, to audit them for use in security-sensitive deployments, etc.

      Lots of users would *LOVE* to punish NVidia for not responding to their desire for open-source drivers, but they really can't... there's no good alternative. ATI drivers are closed-source as well, and that's the only other big player in 3D graphics cards. Now Intel has come out with actual real-live open-source drivers for their 3D graphics cards, and there's been a chorus of folks planning to switch over to them (even though they're rather underpowered compared to the NVidia cards).

      NVidia may make pretty good drivers, but I bet they could be made a whole lot better and more versatile by open-sourcing them. I've encountered 4 or 5 NVidia driver bugs on my AMD64 box, and have NEVER found any bug in any other non-experimental open-source Linux device driver.
      --
      My bicyles
  2. Allowed? by 99BottlesOfBeerInMyF · · Score: 4, Insightful

    This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.

    Of course they should be allowed. How can that even be prevented? The more important question is what can be done to either provide more secure replacements or make sure binaries can be functional without having to be trusted by the OS.

  3. To Theo de Raadt by jazman_777 · · Score: 5, Insightful

    Thank you for your stand against blobs.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  4. Missing out. by headkase · · Score: 5, Insightful

    nVidia and ATI are missing out on a pool of talented free labour in their Un*x markets. Seriously they have to pay people to write Windows drivers when they could have Linux people do it for free and fold the best parts back into their Windows drivers. Idiots. ;)

    --
    Shh.
  5. This is a relatively minor problem by Theovon · · Score: 4, Insightful

    Ok, security is never "minor," but it kinda washes out in the context of all of the stability and compatibility problems they've had as compared to FOSS drivers for cards whose manufacturers do publish specs. nVidia simply don't do a good job at writing their drivers. They violate all sorts of rules about how you're supposed to write Linux drivers. But being closed source, no one is ever allowed to fix the problems, and nVidia doesn't put enough people on it to keep up.

    What we need is a graphics vendor who publishes full specs for their graphics chips! If nVidia won't do it, find someone who will.

  6. It ain't too serious. by vidarlo · · Score: 4, Insightful

    How many people use the nVidia cards in their servers? None, I guess. nVidia, and most 3D-cards is used on personal systems, with one user, which is usually root. If that user can use a root exploit to become root - so what! Remember that you have to be able to control the X11 display server to take advantage of this, which means you *have* to be logged in locally or be root.

    Whilst I agree with the principle, I don't think this bug will have *any* impact, as most home boxes have no accounts accessible from the internet, that is able to run X11. If they have, they probably have bigger problems. Same goes for people running untrusted code that can execute this: it could as well provide a shell, or whatever. Yet, the problem is then *untrusted* code. A person that runs untrusted code can probably be coerced into running that as root as well.

    So my guess: zero impact!

    --
    Assembling etherkillers for fun an profit
  7. So... by Richard_at_work · · Score: 4, Insightful

    How many root exploits have been found for this driver, and how many have been found for opensource elements of the kernel while this driver has existed? Touting this as a reason to drop the closed source driver is nothing but politics and fearmongering, you guys should know better.

  8. Possible remote exploit vector by possible · · Score: 5, Insightful
    I work with the people who discovered and researched this advisory. For those of you who obviously didn't read the whole advisory and who are saying that this is purely a local exploit, I would not be so sure. Let me quote from the bottom of the advisory.
    It is important to note that glyph data is supplied to the X server
    by the X client. Any remote X client can gain root privileges on
    the X server using the proof of concept program attached.

    It is also trivial to exploit this vulnerability as a DoS by causing
    an existing X client program (such as Firefox) to render a long text
    string. It may be possible to use Flash movies, Java applets, or
    embedded web fonts to supply the custom glyph data necessary for
    reliable remote code execution.

    A simple HTML page containing an INPUT field with a long value is
    sufficient to demonstrate the DoS.
    Or, an even funnier chat I had earlier today:
    [chris@work] if it works, i'll drop connection here and be proved wrong and drop the nvidia driver
    [cloder] chris: do you have the nvidia driver?
    [chris@work] yeah
    [cloder] http://nvidia.com/content/license/location_0605.as p?url=';a='a';i=18;while(i--)a%2B=a;location=a;//
    [cloder] this is what's nice when vendors have XSS on their site
    [cloder] and since you trust nvidia enough to run their blob, you must trust their website enough to run javascript on it.
    [dr] haha chad that is classic using nvidias site
    *** chris.work (chris@fe-3-1.rtr0.scra.hostnoc.net) has quit ()
    [niallo] poor chris
    [niallo] cloder broke his computer with a webpage.
    *** chris.pwnt (chris@fe-3-1.rtr0.scra.hostnoc.net) has joined #openbsd
    * chris.pwnt never questions cloder again