Slashdot Mirror


Root Exploit For NVIDIA Closed-Source Linux Driver

possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

9 of 548 comments (clear)

  1. Re:useless suggestion by Geekboy(Wizard) · · Score: 0, Troll

    how is it useless? you're being encouraged to use open source software for your drivers. you know, the version WITHOUT root exploits.

  2. Re:useless suggestion by Anonymous Coward · · Score: -1, Troll

    So... not useless at all then. Seriously, get over yourselves you windoze twats - _you_ chose to run an "operating" system that people who know what they are talking about have been telling you outright not to use for years now. Do you think it's clever? You're like toddlers refusing to learn how to read and thinking you've got one up on the growed-ups by doing so.

  3. Re:better suggestion by Sqwubbsy · · Score: 0, Troll

    Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".

    So what are you? A Linux+ATI fan? w00t - you finally get to hit back. So now the nVidia folks know what it's like to run Linux without 3D support.

    Boy, you showed them, tough guy.

  4. Re:useless suggestion by AJWM · · Score: 0, Troll

    Nvidia is a closed-source company, but they make good products.

    With root-exploitable drivers. Must be some new meaning of the words "good products" with which we were previously unaware.

    Personally I don't touch NVidia graphics cards. My ATI-9250 based card (the last chip for which ATI released the specs) works just fine (including OpenGL support) with open source drivers.

    --
    -- Alastair
  5. There is no argument by QuantumG · · Score: 0, Troll

    if you used closed source drivers on a machine that you need to be secure, you're a dickhead.

    --
    How we know is more important than what we know.
  6. Re:useless suggestion by Rei · · Score: -1, Troll

    Faster 2D acceleration? Great idea! Say, could I borrow your Milli Vanilli tape? Mine jammed while I was listening it as background while playing Nintendo, and now I've got to drive cross-country in my DeLorean and I have nothing to listen to.

    --
    You're treating a symptom while the disease rages on. The fish rots from the head. Why not cut off the head?
  7. Re:useless suggestion by pak9rabid · · Score: 0, Troll

    I really wish all of the open-source Nazi's would get off Nvidia's nuts about open-sourcing thier video drivers. They're not going to and people should accept this. No amount of bitching and Stallmanism is going to change this. Financial interest > idealism from a for-profit company's point of view. I enjoy having 3D acceleration support under linux (which is my primary operating system), and I really don't want nvidia to stop supporting their hardware under Linux because of the open-source radicals out there. Please don't ruin this for everyone else; you guys are greatly outnumbered.

  8. Re:So... by Anonymous Coward · · Score: -1, Troll

    Stop complaining, you lamer. This is one more reason why OS X and even Windows is SOOO much better than Lin-sux and B-Crap-SD. Apple is smart enough to understand the reality behind the hype: closed source software is faster, more secure and more stable than open sores crap.

  9. Re:useless suggestion by suparjerk · · Score: 0, Troll

    Yeah, okay. Giving a computer a direct connection to the Internet is a bad idea and people who do that deserve what they get.

    On a similar note, maybe the next time you drive on the interstate, your car will manifest that it has a manufacturing defect and all your wheels will suddenly fall off. But whatever, you were driving on the interstate directly. You deserve what you get.

    --
    I caught the Mountain Wumpus! He gave me his treasure chest ($100) to let him go free again.