Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Exploit For NVIDIA Closed-Source Linux Driver

Posted by ryuzaki0 on from the dangerous-blobs dept.

possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

3 of 548 comments (clear)

  1. No surprise here by Caligari · · Score: 0, Redundant

    The OpenBSD Project has been warning about the dangers of binary blobs - security and otherwise - for years now. Indeed, binary blobs were the theme of the OpenBSD 3.9 release (as mentioned in the kernel trap article).

    Perhaps people will now start to wake up and realise that these kinds of drivers are unacceptably dangerous, both for immediate system security and for future hardware freedom. Slimey vendors like NVidia, Intel and Atheros have been trying to shove this crap down our throats for some time now.

    Free software users need to unite and say NO to binary blobs! Lets kick this crud out of our operating systems!

    --
    The moving cursor writes, and having written, blinks on.
  2. Re:useless suggestion by Breakfast+Pants · · Score: 0, Redundant

    So why even have an NVidia card? You could get cards with open source drivers that offer much better 2d acceleration, and pay less doing it.

    --

    --

    WHO ATE MY BREAKFAST PANTS?
  3. Re:useless suggestion by Lord+Kano · · Score: 0, Redundant

    Trade secrets are money makers, and you can't definitively say that opening their source wouldn't give away some trade secrets or algorithms that keep NVidia at the cutting edge of video card production.

    Who can benefit from getting access to NVidia trade secrets? Other graphics card makers.

    Do other graphics card makers already have the ability to use a debugger to step through nvidia's binary only drivers? Yes.

    The only people who could possibly benefit from getting access to NVidia's proprietary secrets already have the means to do so, IF their drivers contain such information.

    NVidia has every right in the world to do what they want to with their IP, that much is not in dispute. What's being disputed is their Lame-ass excuse for it. Instead of saying "Because we feel like it, bitches. Now either buy our cards or don't." They have conconted this bullshit excuse about trade secrets.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano