Root Exploit For NVIDIA Closed-Source Linux Driver
possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."
This is as useless as suggesting "Install Linux" when a Windows vulnerability has been found!
This is why I always said that all software for a FOSS operating system should be just that... OPEN.
- Just my $0.02, take with a grain of salt, your mileage may vary.
This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.
Of course they should be allowed. How can that even be prevented? The more important question is what can be done to either provide more secure replacements or make sure binaries can be functional without having to be trusted by the OS.
... this might push nvidia into making the 9xxx drivers available sooner. I hope that solves the googleearth rendering problem.
Thank you for your stand against blobs.
I'm a huge fan of all thing open source/free software...but I also remember that it's the developer's choice if they want to go open or not. I don't personally understand what "trade secrets" nVidia has to hide by keeping their drivers closed off from the public, but it's still their choice. Unfortunately the open source alternative "nv" driver that comes with X is pretty much worthless if you want to do anything involving 3D. The best situation for those who don't want to use proprietary drivers is to go out and find a company with open drivers and stop using nVidia products if it matters that much to you.
;)
I'm sure endless flame wars will follow below...so you guys have fun with that
But i hope that this will make understand that binary blobs are evil to corporate users.
Wondering why i am doing so strange posts? I am trying to get a "+5,Flamebait" or "-1,Insightful" rating.
I'm not calling into question the value of open drivers. But it seems that most people using nvidia's blob are running on desktop machines, either single-user or within the family. It would seem unlikely that these users are granting remote X sessions to untrustworthy people.
nVidia and ATI are missing out on a pool of talented free labour in their Un*x markets. Seriously they have to pay people to write Windows drivers when they could have Linux people do it for free and fold the best parts back into their Windows drivers. Idiots. ;)
Shh.
Ok, security is never "minor," but it kinda washes out in the context of all of the stability and compatibility problems they've had as compared to FOSS drivers for cards whose manufacturers do publish specs. nVidia simply don't do a good job at writing their drivers. They violate all sorts of rules about how you're supposed to write Linux drivers. But being closed source, no one is ever allowed to fix the problems, and nVidia doesn't put enough people on it to keep up.
What we need is a graphics vendor who publishes full specs for their graphics chips! If nVidia won't do it, find someone who will.
This is one reason I think I'll stop using NVIDIA chips and start using Intel chipset graphics hardware in the future. http://intellinuxgraphics.org/
Also the ones without openGL performance. Remind me why I bought a high-performance 3D card again.
Hardware vendors, be they printers, video cards, or what-not, should work to 2 sets of specs:
A high-performance, possibly proprietary, specification that gives them a definite edge over their competitors. If they want to ship binary-only drivers that's fine.
A possibly-lesser-performance specification that does "the basics" - everything a typical device of its type can do. This specification should be public, preferably with open-source drivers. Even without drivers, those who need to can write drivers from the specification. For a high-end video card, this should be everything that a low- or medium-end card could do. For an all-in-one printer, this should include basic full-color printing at "typical for its technology" resolutions, basic full-color scanning at "typical for its technology" resolutions, and b&w and color faxing. For a high-end sound card, this should include at least 2-channel sound. For a communications device, it should include all internationally-accepted standards that the device supports, but need not include the most efficient or highest-performance embodiment of those standards.
Most important is full disclosure:
Any device that doesn't provide a full, published specification of "everything" must disclose the limits of the published specifications, so buyers will know exactly what they are buying: a device that, should problems be found with the drivers, or when used with operating systems without supported drivers, is limited to a specified downgraded functionality.
Am I the only one who can't get worked up about this exploit? I mean, I should be thinking, "this is happening because of X, we should do Y to fix it!" And yet, I just can't develop an opinion either way. It's not that I'm wrestling with myself, it's just that I don't care.
;)
Analyzing this, I think the reason is because the NVidia and ATI drivers are a PITA everywhere. By installing the drivers, you agree to destabilize your system in exchange for the most incredible 3D (and 2D to a certain degree) performance. When Something Bad Happens(TM), you just sort of take it as coming with the territory.
It's sort of like hooking Nitro up to your car. Sure, your engine is more powerful than ever. But are you really all that surprised when you bust a valve, crack a ring, or do some other form of damage to your hotrod?
It would be nice if OSS drivers could be created. But it's probably not going to happen. NVidia won't open their drivers (ATI, doubly so) and the OSS community doesn't have enough info to recreate them. Thus I think the best bet is the Open Graphics Project. If they produce a viable 3D card alternative, you'll finally be able to choose between a stable (but slower) 3D card, or a high-performance, hotrod 3D card. Take your pick to meet your needs.
Oh, and keep a firewall in front of your machine and the internet. Pipe all your X communications over SSH. Just good safety sense.
That machine is a desktop / workstation anyway, and has no, or almost no (ssh being an only exception) means for anyone to obtain a non-console login in the first place. OTOH, a person physically sitting on a machine has no need to exploit it. Again, who cares?
How many people use the nVidia cards in their servers? None, I guess. nVidia, and most 3D-cards is used on personal systems, with one user, which is usually root. If that user can use a root exploit to become root - so what! Remember that you have to be able to control the X11 display server to take advantage of this, which means you *have* to be logged in locally or be root.
Whilst I agree with the principle, I don't think this bug will have *any* impact, as most home boxes have no accounts accessible from the internet, that is able to run X11. If they have, they probably have bigger problems. Same goes for people running untrusted code that can execute this: it could as well provide a shell, or whatever. Yet, the problem is then *untrusted* code. A person that runs untrusted code can probably be coerced into running that as root as well.
So my guess: zero impact!
For as long as I have lived, I have seen some unusual mottoes, but this one takes the cake.
How many root exploits have been found for this driver, and how many have been found for opensource elements of the kernel while this driver has existed? Touting this as a reason to drop the closed source driver is nothing but politics and fearmongering, you guys should know better.
Your post is not even *remotely* based on facts:
Keith Packard - maintainer of X.Org is a fulltime employee of Intel, and works 100% on improving X.Org including DRI/DRM and all 3D graphics drivers (Including Intel's).
How much specs do you want if a fully working 3D-enabled Open Source driver is released???
None of the graphics components of the i965 chipset (and afaik other chipsets) need a binary blob. As a matter of fact, there are no binary blobs for Intel Graphics chipsets at all.
Shape up and get informed.
I beg to differ: http://e1000.sf.net/
Apparently, the bug/exploit was fixed in the 9625 beta release. http://www.nzone.com/object/nzone_downloads_rel70betadriver.html
https://bugs.freedesktop.org/show_bug.cgi?id=3654
"The "nv" driver currently can't change the BIOS-programmed display timings. Unfortunately, this is not something that we can fix right now."
This just sucks, IMHO.
Theo LOVES to say "I told you so"
Do you have a better suggestion?
Well duh! Our only course of action is to bitch about it on /.
Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".
The problem is the same as why you shouldn't run as root all the time. If you use any networking app (such as Mozilla/Firefox) and it has any sort of code execution vulnerability (such as buffer overflows), then a potentially untrusted user could run code under your account, just by creating a buffer overflow using a specially formed web page or image file or mail/news message. With this vulnerability, they can gain root access too. Do anything they want.
So this is gonna fuel the debate whether binary drivers are ok or not? WTF? Whether drivers are binary or not has absolutely *NOTHING* to do with whether there's an exploit or not. This is only gonna be abused by the 'all FOSS at all costs' faction. Linux and OSS owe a great deal of their success in recent years due to the all-out 100% fully official support of Linux by Nvidia. Knowing Nvidia they'll have a fix out at least as fast as any OSS project. Cut them some slack already. It's not that everything else in the Linux world has never had an exploit.
They could contribute to the existing open-source drivers though. They did that with forcedeth.
Free software users need to unite and say NO to binary blobs! Let's kick this crud out of our operating systems!
In the interests of full disclosure, don't forget to mention that you're saying NO to a lot of capability with your principled stand. You already understand this, I'm sure, and what you're losing (i.e., accelerated 3d) you obviously can do without. But for some, that's not negotiable.
I'd be curious to understand what you envision as the way forward from this. If we successfully "kick this crud out of our operating systems", as you put it, how do we get the features we're losing? Are you expecting a breakthrough in the Free developer community to reverse-engineer an unencumbered Free equivalent with full capabilities? The vendor to "come to its senses"? The user to decide "No, we really don't need that whizzy thing we can't have without binary crud"?
I am not optimistic about any of those three alternatives that I can guess at. Maybe you have another one I haven't come up with?
Hey ... my neighbor runs linux with an nvidia card. And he was showing me some fancy 3d stuff that my xp can't do. So I can hardly wait to turn the tables and take over his system. So what is step 1 ...
:(
Oh, I see, first I have to break into his house
It wouldn't render fonts correctly for me unless I turned off the render acceleration, and even then fonts wouldn't render under WINE.
Much as I'd like to have the acceleration features of the card, I can't until nVidia figures out how to get their drivers relatively bug-free with FreeType and Xorg R7. That might take a while, so I'll just have to bide my time with the stock "nv" driver. Google Earth will be incredibly slow for me until that time:
http://www.nzone.com/object/nzone_downloads_rel70
as well as the 1.0-9626 QuadroPlex driver:
http://www.nvidia.com/object/linux_display_ia32_1
http://www.nvidia.com/object/linux_display_amd64_
Thanks
I have the perfect solution:
Trade in your video card for a second-hand AGP Radeon 9x00. You get fast mostly working 3D, open source drivers, and the binary lock-in nazis don't get a single penny of your money.
>This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.
This is the point. NVIDIA's driver is *NOT* part of Linux, but a loadable module distributed only in binary. Thus it is not subject to the scrutiny of quality, security and reliability testing that code must pass before being officially merged into the mainline kernel. Report recently: real-time support has arrived for linux 2.6.18, but the code has been usable for years if one were prepared to patch and compile their own kernel. Only now has the code been deemed satisfactory for introduction to the unpatched vanilla linux at kernel.org . The truth is, this policy works. How common is it that you have a kernel panic?
So the free nv driver in linux is certainly more secure and stable, as it is refined by hundreds of kernel developers. Yes NVIDIA can write a driver that gets better FPS - it is their hardware, for which they don't share the documentation. But this driver is the work of fewer developers, and to NVIDIA their linux drivers are of fractional importance to those for Windows. The binary is compiled on one machine for its specific kernel, so can suffer incompatibility problems unless you run a fairly standard major version of the kernel.
MMM.. ok. Boycott the card makers, I doubt that they will feel any hit if you do. Linux is still a fringe OS when compared to the number of Windows machines in the home and business world. Hopefully it will become fully mainstream in the future. I myself have been using it since the .8 kernel and prefer it for certain things.
Most hardware makers don't "HAVE" to write drivers for Linux. Linux isn't their intended audience. Windows is their intended audience. Your average teen who cons his folks into spending $300 and up on a new whiz bang video card so he can frag his neighbors is going to be running his game on what? Not Linux..... Windows. Thus it makes more sense for the hardware developers to get the windows drivers working correctly first and foremost.
Some of the posters on here really remind me of the Amiga users back in the early 90's.....
The bottom line is this.... if you can live with certain issues, run the driver from nVidia. If not, use the open source drivers. Pretty simple solution. In the end you are responsible for the security of your machine, not nVidia. And yes yes yes, I agree that testing of code should be done before it is released. But read what I wrote about who their target audience is... it isn't Linux.
For those who whine about "open source zealots who whine about open source drivers":
LWN.net (as usual) has a great write-up of the reasons to insist on open source drivers.
There are several good reasons. Open source drivers are *important*. It cannot be said that one truly supports Linux if one only does so with closed drivers.
I'll be in the market for a monster computer early next year. Planned to go AMD, but since there is no PCIe based card with open source drivers, I think I will have to go with Intel just to get their GMA3000 integrated graphics. It's that important.
(Although, the reverse engineered R300 drivers might be good enough by then. If so, AMD might be an option.)
This is the best advice they could give you at this time because it's your only recourse to keep safely using the hardware while you're waiting for the vendor to get off its ass.
Compare this to the vulnerabilities of open source software on Bugtraq et al where the diff to fix it is included in the disclosure mail.
Methinks you've completely missed the usefulness of "switch to Linux" as a response to closed source bugs.
Thing is, if NVidia (and ATI) just told us how to talk to the hardware, we would have had open source drivers without their code. No need for license issues.
As it was (with ATI) we would get incomplete, bare-bones specs months (if not years) after the hardware is released and nowadays we don't even have that. NVidia never provided any specs, but they saw value in having open source 2d-only driver.
And no, I don't have the faintest idea why things are this way.
I have never gotten dual-head support out of the OS nv driver; the nVidia closed-source drivers work for dual head workstations.

As has been mentioned, why get an nVidia card for your server? And this may be a moot point for single-user workstations. But do not assume that the nv driver is a panacea.
Hardware vendors, be they printers, video cards, or what-not, should work to 2 sets of specs:
If you want them to go through all of this effort, there has to be a real financial benefit to them. I fail to see where it is in this case.
Will they realize some new business as a result of this extra work? Will they lose any significant number of sales if they choose not to do it? Doubtful.
If you mean "should" in the altruistic "do it because we'd really like you to" sense, well... remember, nVidia is a closed-source, for-profit company. Show them the money and it'll happen.
And no, I don't have the faintest idea why things are this way.
It's about DRM. With a closed source driver AND no specs how to access the hardware, vendors like NVidia and ATI can effectively prevent you from displaying (or capturing) material with nasties like MacroVision etc... If they opened the HW-specs, circumventing this crippling feature^Wbug would be easy as pie. Therefore, they don't.
cpghost at Cordula's Web.
Not only is it closed source, I bet they prioritise execution time and quick development over getting the security right. (After all, it makes commercial sense to do so, at least until there's a high-profile remotely exploitable security hole due to it. And of course, that'd never happen - after all, it's just a graphics card driver, right? There's obviously no way someone could use that to get remote code execution...)
If you detected sarcasm in the previous paragraph - congratulations!
I think including "closed-source" shows a useful distinction. I don't know anybody who wants to smear Nvidia, however we have to uphold the principles that Open-Source Software stands for. (I won't go off on the diatribe, we've all heard it.) It was definitely worth noting that the vulnerability was not caused by Open-Source software. After all, we don't want anybody smearing our community name either.
The nouveau project is actively working on a free software driver for nVidia cards that will hopefully replace the nv driver one of these days. They could use some help.
http://nouveau.freedesktop.org/wiki/
http://wiki.x.org/wiki/nv
Quite often, something free is worth what you paid for it. nVidia has absolutely first rate drivers and while it's nice to think that there's millions of talented driver writers out there just waiting for a chance to make good drivers, that's just not the case. Writing good drivers isn't easy, that's one of the reasons nVidia is so popular with many is their top notch team does such a good job of it.
Also, they just can't. They have licensed code in their drivers that can't be opened up. Want real OpenGL? Well than you takes what you gets. OpenGL isn't free to hardware developers. It's $25,000 to $100,000, plus royalties for distribution and it does come with terms and conditions on its release. There's also licenses on patented code like S3TC in there.
Now if the Linux community wanted to develop their own graphics API that was unencumbered, then maybe you could convince the companies to open their code up. However if you want a full featured GL driver, you are going to need to deal with closed source, at least from nVidia and ATi since they've both already signed licenses on it.
This is a buffer overflow in the closed-source Nvidia X11 driver, not the kernel modules. As far as I'm aware, Nvidia has no binary blobs that get loaded into the Linux kernel. ATI does, but Nvidia doesn't, all their kernel modules are open source.
And for the record, X11 drivers run in userland, as root so they can access hardware ports directly. There's no real reason for them to require root, except that allowing any process to access hardware ports will undermine the security and stability of the system. What you could do is use capabilities to give X11 the ability to access particular hardware ports directly and run it as a regular user instead of root. As long as only root can assign the capabilities you'll be fine.
How we know is more important than what we know.
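An added example (not from the post above or from any X.Org or NVIDIA code) that checks the least-privilege point it makes: it parses a process's CapEff mask from /proc/&lt;pid&gt;/status and reports which capabilities a display server holds beyond CAP_SYS_RAWIO, the one it needs for ioperm/iopl port access. The allowlist and the sample status text are constructed assumptions; capability bit numbers follow linux/capability.h.

```python
"""Audit the effective capability set of a process such as an X server.

Reads the CapEff line of /proc/<pid>/status (a hex bitmask) and lists the
capabilities held beyond what raw hardware port access actually needs.
A server running as plain root shows every capability; a server started
with only CAP_SYS_RAWIO shows none in excess.
"""

# Bit numbers from linux/capability.h
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE", 24: "CAP_SYS_RESOURCE",
    25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG", 27: "CAP_MKNOD",
    28: "CAP_LEASE", 29: "CAP_AUDIT_WRITE", 30: "CAP_AUDIT_CONTROL",
    31: "CAP_SETFCAP", 32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN",
    34: "CAP_SYSLOG", 35: "CAP_WAKE_ALARM", 36: "CAP_BLOCK_SUSPEND",
    37: "CAP_AUDIT_READ", 38: "CAP_PERFMON", 39: "CAP_BPF",
    40: "CAP_CHECKPOINT_RESTORE",
}

# Assumption for this example: direct port I/O via ioperm(2)/iopl(2) is the
# only privileged operation the userland driver needs.
NEEDED_FOR_PORT_IO = {"CAP_SYS_RAWIO"}

# Constructed sample /proc/<pid>/status excerpts (not captured output).
FULL_ROOT_STATUS = "Name:\tXorg\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
LEAST_PRIV_STATUS = "Name:\tXorg\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000020000\n"


def parse_cap_mask(hex_mask):
    """Turn a CapEff hex string into the set of capability names it encodes."""
    mask = int(hex_mask, 16)
    return {CAP_NAMES.get(bit, "CAP_%d" % bit)
            for bit in range(mask.bit_length()) if (mask >> bit) & 1}


def cap_eff_from_status(status_text):
    """Extract the CapEff value from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no CapEff line in status text")


def excess_capabilities(hex_mask, allowed=frozenset(NEEDED_FOR_PORT_IO)):
    """Capabilities held beyond the allowlist; empty means least privilege."""
    return parse_cap_mask(hex_mask) - set(allowed)


def audit_status(status_text):
    """Return (held, excess) for one status file's contents."""
    mask = cap_eff_from_status(status_text)
    return parse_cap_mask(mask), excess_capabilities(mask)


if __name__ == "__main__":
    # Audit this process on a Linux host; fall back to the constructed samples.
    try:
        with open("/proc/self/status") as f:
            held, excess = audit_status(f.read())
    except OSError:
        held, excess = audit_status(FULL_ROOT_STATUS)
    print("held:", len(held), "excess:", sorted(excess))
```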
Your suggestion to change the subject of the post to remove "Closed-Source" is unfounded. There *IS* actually an open-sourced driver for nVidia and the problem is only with the closed (accelerated) driver.
Scott Dowdle
www.MontanaLinux.Org
>> It's also the version without GL support. Without GL support you might as well have a Mach64 in there.
:-)
Well since you mention Matrox, get their G550 which has both GL support *and* open drivers.
The Matrox G550 PCIe card works perfectly with the pure open-source mga driver that comes as standard with all recent kernels. I've been using it in my Dell 2800 server, and its record of reliability is 100%.
Matrox even boldly proclaim their Linux source driver support on the box. That's quite unusual!
The card also has the distinction of being the only graphics card in existence that can run in a PCIe slot of 8 lanes or fewer, as it's a 1-lane card (all other PCIe graphics cards use 16 lanes), which means that it will work in traditional "server" chassis that tend to have 1/2/4/8-lane PCIe only.
And it's cheap and fanless too! I'm pretty impressed with it.
how long have you known that nvidia's linux drivers are unsupported? I should hope you knew about that from day one. They're not obligated (morally or legally) to fix shit in these drivers.
I wonder just how much at all such vulnerability relevant to real world?
I have yet to see a single server using nVidia cards - let alone running X at all. (Okay, I know, some ex-Wind0ze admins like to run GUIs on servers.)
Rest of the *nix systems using nVidia blob driver - are workstations with single user and administrator in one person. Just like I have at home. The bug is irrelevant.
IOW, I'd rather rename the topic to "Bug in nVidia closed-source Linux driver". It's just stupid calling any every crash/panic a vulnerability.
How many kernel exploits have there been in the open-source part of the Linux/FreeBSD kernels in recent years?
Granted, open-source allows you to audit/fix it yourself, but it's not a magic bullet.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
http://lwn.net/Articles/204543/
This is fixed in the driver nvidia has marked stable.
I call BS. At the very least they could bring a hell of a lot of the ship above the waterline, which they haven't done.
You could fit a bloody kernel inside that blob. All of that is potential attack vector. Opening whatever parts are openable should be a no-brainer unless there's something else going on in there.
And it ain't DRM - how much DRM-workaroundery is done in collusion with your videocard?
Should be careful when you fling around names. Atheros do have a binary blob for their wireless chips. But guess what, so does intel with their firmware. Atheros cards (supported by the madwifi driver) don't have firmware as such, most of it is done on the host PC. So they're pretty much equivalent.
Just keeping people informed.
(a) using an open-source wrapper, so their real driver doesn't use any of the Linux kernel interfaces directly,
.... (fill in here).
The glue code links to the kernel directly. So it must be GPL. The user space code links to the glue code directly. So it must be
where it says switching away from linux that should have been switching away from windows.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
ok, I for one am all for a happy medium between these 2 groups. These companies are trying to stay on the bleeding edge of technology. They are also major employers of geeks and nerds (our brethren). They have to have fundage to push technology forward. Yes, I run linux on every computer I own, but people have to realize that 95% of consumers don't care. They just want everything to auto-magically work. Until this happens linux will be a minority. If Nvidia open sourced their driver their competitors would have the upper-hand, and they wouldn't be so "bleeding edge" anymore and have less money for r&d and to pay their programmers. From a business perspective, they would lose way more than they gained from the deal. To be honest most "bleeding edge" OSS software is buggy too. I think Id software's model of GPL game engines is the ideal model in this case, but oh well. Sure it gets on my nerves that companies won't develop for linux.. I make websites; a native Linux Flash Authoring tool would really make me a happy camper. When a company commercial or not develops for a platform I love, I happen to jump for joy and praise the gods... Nvidia's cards work and rock in linux.. Don't you people ever appreciate what you have? I thank nvidia everyday for making good quality linux drivers. Are they perfect? no, but then again nothing ever is.
"This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux."
Allowed huh? I thought linux was about having choices. How is preventing binary drivers from working with the linux kernel true to the free mantra of the FOSS crowd?
A mark of a successful free system is that it allows people to use it in ways that the creators didn't intend and are actually offended by. How does the old saying go? Consistency is the hobgoblin of small minds.
Has anybody tried to do this on Fedora Core 5? They have basically annihilated buffer overflows due to their usage of things like IBM Pro-Police with everything compiled to run on FC5. I spent an entire semester studying work-arounds so we could obtain root level exploits, but almost all stack based methods are useless against that platform, and only some heap-based overflow methods are remotely possible.* Programs running on FC5 at the moment are very difficult to attack in this classical manner, and it is usually on these GUI-oriented distros (fedora, ubuntu..etc) that you find any need for 3D acceleration.
Note that heap overflows are rather rare. Note also that FC4 is perfectly vulnerable to all kinds of attack.
Maybe if/when the OpenGraphics (now OpenHardware) plan comes off the ground finally: http://wiki.duskglow.com/tiki-index.php?page=Open-Graphics
They'll need a lot of money to start production though, and who is going to pay substantial money for a video card that they know will not be top of the commercial range? (OK, I probably would)
Doesn't sound too bad, except I don't need a $100 underpowered dual head card. I see they have AGP, but what about normal 3d cards? ...hmmm...I do recall seeing a "free" (after rebate) matrox card on tigerdirect. If it wouldn't fry my computer (my computer is not compatible with its voltage), I'd try it.
Maybe I should check tigerdirect again see if they have any better matrox cards...
The OpenGraphics.org project will release a 3D OpenGL enabled graphics card with full specifications and schematics so that FOSS developers can write open source drivers for Linux and BSDs. The consumer graphics card (code-named OGA) will be release after a development board (code-named OGD1) is produced. The key step is to make enough revenue (around $2 million) from selling the multi-function development board to fund the mass production of the consumer card.
Unless there is a wealthy individual / corporation out there who is willing to invest in order to manufacture this card earlier. The FOSS-friendly card will surely have a big appeal in Linux circles.
it seems that the original forums post, found here http://www.nvnews.net/vbulletin/showthread.php?p=931048
stipulates that you use the nvidia driver aka 'nvidia' in correlation to gedit. This will crash X.
HOWEVER
if you were to use the driver 'nvidia' with Kate, this would not crash it.
nvidia driver flaw? yes, noting the use of gtk in addition
``This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux''
As if root exploits never occur in open source software.
Please correct me if I got my facts wrong.
I mean, it's not like anyone out there actually has a disassembler or anything. If there was anything worth digging for in their binary drivers, someone would have disassembled that bit and posted it as code already.
Weaselmancer
ridiculous.
The vulnerability also applies to browsing websites with a local X client (e.g. posting on slashdot). Even a non-malicious site can exhibit a DoS if it contains long INPUT fields. (I think that was visible, not logical size.) So you can get rooted while browsing random sites.
Perhaps you need to get out more and realise there is more that runs on computers than linux and some home computer operating system sold by Microsoft.
Yeah, I know. It's pretty piss funny that over 200 messages on Slashdot can be posted about this bug in linux kernel drivers, when they're actually in the x11 drivers.
We probably just have to wait for somebody at nvidia to retire or change jobs or an agreement with a third party to expire - they've come more than halfway which would only happen if a few people there wanted to open it up.
no, you need to get out and realise that all proprietary software is insecure. period.
So if you do that little in 3D...why do you have that kind of card in the first place?
They have a patch out, and an advisory before a fix may have been a little irresponsible, tipping people to the issue. Not to mention the small impact on most security sensitive applications. You're either lying and don't have an Nvidia card, or are being purely political.
Derek Greene
I love you all and I hate all blobs.
I use one blob and I hate it: nvidia.
But there is no TV-out with nv.
That *is* a problem. I agree with RMS and TdR.
And still, I want to watch movies on the tube. So how ?
Ignoring the argument of Binary vs OSS drivers for a minute.
The root of this problem is 'C'. The nVidia programmers have way too much power. Buffer overruns, string comparisons, memory access, pointer arithmetic. These features need to be banned from modern computing.
Just last week over prune juice, I was telling Linus, Theo, and Dave Cutler why they should only allow C#/Java/Python based video drivers in their kernels.
Enjoy,
It's just the normal noises in here.
Will they patch the legacy drivers too?
I, for one, have a TNT2 PCI video board to run a second monitor.
(And I'll not mention how closed-source sucks, for the risk of being modded redundant.)
factor 966971: 966971
Hey, call me dumb or whatnot but I actually bought an ATi Radeon x1900 to put in my Linux box to do a dual-head setup. I have to use the fglrx drivers to get the dual head to work, naturally. But you know what? They actually DO work (and work well) and it wasn't any more difficult to get them to work than NVIDIA's drivers. About the only kvetch with them is that XVideo is a little funky, so I watch my movies with xine outputting to OpenGL and not XVideo. Not a big deal at all, and the card is some kind of fast...
Just "gittin-r-done," day after day.
As someone who runs as root all the time, "full access" to my system basically means anything that I'd otherwise need access to with a limited-user account. For most of you, this is /home/x. For me, it's many places. Wherever its location, if I ran as a limited user account I'd still need full access to every last IMPORTANT file on my system. /lib can be replaced. /bin can be replaced. /home is gone whether I'm root or not, and that's what can't as easily be replaced.
As for not needing root for 99.999% of tasks, I suppose if web browsing and solitaire is what you spend your time doing on a computer, you're correct. However, an awful lot (99.999%) of how-tos specifically mention using sudo in them for a reason - it's a pain to administer your system as a non-root user.
Pretty much by definition, if I can do almost all of what I need without being root, I might as well be root anyway. Because at that point an attacker can do the most damage possible anyway.
I can re-install my OS. I can't re-install my data (not as easily, anyway). There's simply no need to avoid root on a single-user, desktop system - unless you seriously worry about rm -rf 'ing your system by mistake.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Oh, and keep a firewall in front of your machine and the internet. Pipe all your X communications over SSH.
And don't surf the web, read email, use java applets, look at documents with fancy fonts embedded, watch flash, etc.
If you read the fine article you'll see that this particular root exploit can be done through essentially any application that can hand defined fonts and a text string using them to X.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
We don't see the world as it is, we see it as we are.
-- Anais Nin
How insecure is your car engine management system or aircraft avionics systems? These things are subject to peer review as well so a blanket statement doesn't make sense. Please think before you call people immature names, or others may point out that the balls dangling before your eyes are obscuring your vision.
hehe, you are aware that people hack car engine management systems right? I'm sure if more people owned personal aircraft they'd be hacking those too.
What a completely bogus argument.
How we know is more important than what we know.
We don't see the world as it is, we see it as we are.
-- Anais Nin
Wrong, there are no terms that restrict how you can *use* Linux. The GPL doesn't, in fact it explicitly says that it isn't binding on users. And it also explicitly states that you can't add terms, which includes terms that are binding on users.
The GPL *only* applies if you *distribute* Linux or a derivative work of it.
As distinct from a blanket statement based on ignorance and backed by profanity?
As much as I'd like to see open source drivers, Nvidia has a right to protect their intellectual property. Opening up their drivers would probably give away some performance tweaks or trade secrets that would directly benefit ATi. The one thing that Nvidia has going for them is the top-notch drivers that everyone always seems to talk about, opening that up would take away the one benefit they have over ATi.
Computers are already filled with binary blobs in their CPUs, BIOS and so on.
I don't see the difference in quality, most software is crap whether OSS or closed source.
There have been 2 year old problems in open source code as well. There are flaky open source drivers, and open source software that's full of holes. One could even argue that PHP is more evil than nvidia's binary blob...
The old open-source Netscape was a multiyear security problem, so much so even till today I look at Mozilla/Firefox with suspicion - and my suspicions seem to be justified every month or so...
The big problem is on Linux the nvidia driver code has high privileges and there's no way to get around that other than not use the driver. In contrast I run Firefox using a different user account from my main user account, so any normal browser exploit won't affect my other accounts.
Any linux driver level exploit can just bypass that. Whether or not it is closed or opensource if there's such a bug it'll be the same problem.
The only difference supposedly is that the fix could be faster if it's opensource. BUT even that's not guaranteed - not that many people understand the big picture enough to make a decent fix. I have seen cases in the OSS world where a volunteer's quick fix is not accepted by the main developers because it's not good enough or could cause other problems.
There's currently no incentive for Nvidia to make much better quality drivers since it seems that ATI's drivers are even worse, and Matrox just isn't much of a competitor. There appears to be insufficient incentive for Nvidia to release sufficient specs to allow the OSS community to write full-featured open source drivers for Nvidia hardware.
If anyone can come up with compelling reasons that will _benefit_ Nvidia enough please do. Just saying "binary blob = evil and OSS = good" is pretty stupid.
I'm gonna go out on a limb here and guess that this root exploit only works if you're running code that exploits it on your computer.
My suggestion: don't run any untrusted code on your computer! de de deee!
Just like normal, use a bit of caution.
I'm sure nvidia will fix it soon anyway.
I run Ubuntu Edgy plus Beryl compositing window manager (the community-maintained fork of AIGLX + compiz) using the 'radeon' driver on my x700. Free as a bird.
A lot of people really seem to miss the point about exploits that can only be used locally... These are still every bit as serious as remote exploits!
If you follow best practices, you'll probably end up with a system where any vulnerability only leads to access as a user. But when there are local root exploits available, you can escalate that user access to root access and hide your rootkits there.
So with this Nvidia bug, the real risk is that another service gets compromised and the attacker then uses this exploit to get root. Once they have root, they can install rootkits, etc.
Except that, with modern OSes, especially open-source ones, the BIOS itself is only used to start up the computer, initialise the hardware and boot the OS. From then onward, the BIOS is mostly unused and the OS's drivers kick in. You seldom hear of root exploits using BIOSes (apart from some very weird and rare ACPI case).
And, besides, there exist open-source projects to provide an open-source replacement for those who need to use their hardware in ways which weren't initially planned.
Firmware is the only blob that is really widespread today, and as it doesn't run on the CPU it isn't really part of the OS and isn't very exploitable either.
Except that in this case, nVidia isn't helping at all to build anything else. They don't release any specs or whatever that could be used to build nVidia support into free software beside a limited 2D nv driver.
And open source isn't only about security: it's also about freedom of choice. Which includes the freedom to run your software on whatever piece of hardware you choose (or at least manage to compile it for).
nVidia produces PCI GeForce FX cards (cards that support DirectX 9 level shaders). PCI connectors are found in a very wide range of machines (including PowerPC-based, Sparc-based, Itaniums, etc.). But you're stuck at only being able to run them on x86 processors and, more recently, x64 processors.
Linux and other free software like GNU, being open, can be used on a very wide range of devices, and used in amazingly creative ways that Linus and RMS themselves haven't thought about (see "Linux will never be ported to 68k" or "GNU cannot be run on DOS"). If binary blobs start to proliferate under Linux, you'll be stuck: limited to only whatever usage the blob developers have decided to spend time supporting. You start losing the advantage of running Linux, and in the end there won't be much point running Linux instead of Windows.
Last but not least, open-source drivers make it possible to keep supporting old hardware. As long as there's a big enough community of users, old hardware will still get drivers developed for it. As an example I'll point to Voodoo graphics cards: 3dfx went bankrupt a long time ago, but because the Glide driver source was released and because there are other good open-source projects like Mesa3D, there are still community-made drivers for them, including for Windows 64.
Whereas, on the other hand, blob makers may drop support for some old hardware at some point even if there are still users around... in a way they need to sell hardware to earn money, and dropping support for old hardware may entice people to buy newer hardware.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I have just installed NVIDIA-Linux-x86-1.0-9625 and it seems ok so far. I've visited a few of the troublesome links with firefox 1.5.0.7 and it's not crashed X yet. I was using NVIDIA-Linux-x86-1.0-8762 before the update, and several times I've had X crap out on me. I don't believe I was r00ted though, after reading about the glyph problems. It can also be triggered by a long "get" request, or long lines of text in a form field. I was using TinyMCE when it first happened to me. Here's a test url that supposedly crashes X from firefox - http://comptune.com/calc.php?methos=POST&base1=10
I didn't check this before the update though, so it may not be conclusive.
My main complaint about the whole issue is that I only found out because it was posted here. I don't have time to go checking for updates and exploits for all my different drivers and software, that's why yum runs from cron every night. It would have been nice if somebody (nVidia) had posted that a new version was available that fixed potential security holes, or even had a version checker built in to notify me of an update.
Lessee, unless I'm misinformed, de-acronyizing that results in "binary binary large object". So, what's the alternative, an ASCII binary large object?
mark "still speaks English"
I was trying to give nvidia a piece of my mind, but their webform doesn't seem to work. So here are the email addresses I found:
info@nvidia.com
websupport@nvidia.com
for anyone lazy (like me), you might like to peruse this message:
Dear people of nVidia,
Since I care about my freedom and being in control of my own computer and its SECURITY, I choose to run free software only, but you make this very difficult. http://kerneltrap.org/node/7228 mentions a vulnerability in your driver which you have known about for about TWO YEARS. Things like this need to be fixed in ONE DAY. You have managed to completely lose my trust and respect. I will not be suckered any more into buying any product which is not properly supported, because it has superior performance. And properly supported means that the specifications of the hardware and a free software driver are available. I will not surrender my freedom to you or to anyone else anymore, ever.
I hope you will reconsider your actions and release your drivers as free software and make your hardware specifications available, such that current free software drivers can more fully support the features of your offerings, such as 3d acceleration(!) and dual outputs.
Sincerely,
[your name]
"The drivers on that page are "BETA". Not released."
Well, the "nv" drivers not only aren't beta, they are pre-alpha and prehistoric as they don't have any kind of hardware acceleration. Still, the beta 9xxxx drivers are a better workaround (and they're already in use in all the bleeding edge systems because of glx_texture_from_pixmap support: compiz/beryl without need of XGL).
Look what I found with my fold-up trenching shovel: it's the original OpenBSD security advisory with diff output dated to 26 June 2002.
This bug can be exploited remotely if
ChallengeResponseAuthentication
is enabled in sshd_config. This option is enabled
by default on OpenBSD and other systems.
Now let's look at some of the points raised in consideration of why it happened and whether it might (or most definitely will) happen again.
b. We could not alert the community that disabling
ChallengeResponseAuthentication solved the problem, since
this would highlight that the bug is in about 500 out of
27,000 lines of code.
One detail we glean here is that OpenSSH has become a rather large body of code. This is the heart of the troubled teenage years of the OpenSSH project, when the body of code is filling out as it enters its adult years faster than a principled audit can keep pace.
3. Short-Term Solution:
Disable ChallengeResponseAuthentication in sshd_config.
and
Disable PAMAuthenticationViaKbdInt in sshd_config.
Alternatively you can prevent privilege escalation
if you enable UsePrivilegeSeparation in sshd_config.
If UsePrivilegeSeparation had been enabled in OpenBSD at that time, they would presently be advertising on their web page having had no remote root exploits in the last ten years. Why would they do all the work to create this feature, and then not employ it? Another clue emerges:
h. Some vendors were initally upset by this policy of non-disclosure,
largely because the UsePrivilegeSeparation code was only about 90%
functional in OpenSSH 3.3:
People were upset with the suggestion to employ priv-sep because it wasn't entirely finished yet. What is clear however, is that in the time period leading up to the discovery of this exploit, the OpenBSD team was devoting considerable energy to mitigating the risk at the most fundamental level: reducing the 27,000-line body of code running as root to a far smaller nucleus.
From an old SecuriTeam commentary (emphasis mine).
Once this work was completed, the scope for root exploits (as measured in LOC) was reduced by 90% for all time. Alternately, one can view the new landscape as permitting a factor of ten increase in the resources available to conduct security audits on the 2500 lines of code which retained privilege. Perhaps if the key talent hadn't been so busy implementing priv sep, they might have had the resources available to discover the root exploit before it tarnished their unblemished record. Note that this exploit was not present in the 2500 line kernel that retained privilege.
Furthermore, the actual code defect (in the prospective non-privileged code base) was not discovered by some zit-faced l33t or random black-hat.
e. We believed very strongly that the issue was unknown in the
In short, this is just some exploit writer trying to be a pain in the ass. This is not being actively exploited, 99% of users have little or no exposure to this.
Let me summarize:
Him: Closed source drivers are bad...
Us: Why? I like my graphics, it works well. I'm happy.
Him: (*writes exploit*) See, that's why! Bad bad baaaad!
No worries. First off, they can never place restrictions on how you may *USE* GPL'd software.
Linux can only make it really really annoying to use closed source drivers. They can forbid redistribution without source code, and that's it. But to take it any further than that, by say, refusing to load non-GPL kernel modules, they would be falling into the very same trap that GPL3 is trying to eliminate. The so-called "tivofication", where the software is open but if you change it, it ceases to function.
>> So my guess: zero impact!
Agreed. Nobody cares.
*yawn*
It's like this... All software has bugs. Some bugs can be exploited. Nothing is risk free. You can't patch what you don't know exists. If I have remote network exploit against FreeBSD, and I don't tell anyone, it's not likely to get fixed anytime soon. Now some might argue that no such thing exists. But you can't say it's impossible can you?
But what about closed source network drivers? Wifi maybe...
Oh you're using one now?
What happens if there's a driver exploit for that?
Uh-oh...
Already happened... oops.
So we have three possible routes to privilege escalation. One, the person already has shell access. This is rather rare these days. In any case, you can restrict access to X to only those people you trust or can hold accountable. Two, a remote X client. Who allows remote X connections these days? Require shell access with X connection tunneling through SSH and see #1, above.
Three, you are running an X based web browser and visit a malicious web page. Okay, to prove this is not an issue, let me quote from the article again:
Okay, to work, the exploit needs to provide glyph data to be rendered. From the sound of it, without being able to supply arbitrary glyph data, the best that an attacker can accomplish is a DoS for as long as you are visiting that site. So, practice safe browsing, turn off embedded fonts, Flash, and Java for untrusted sites.
I am predicting that this exploit will not affect many people.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
By the exact same argument, the community could have used the disassembled code to make an open-source driver already.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
From: http://www.nvnews.net/vbulletin/showthread.php?p=1028873#post1028873
You can put
Option "RenderAccel" "False"
in your /etc/X11/xorg.conf file
or
You can upgrade to 1.0-9625 or 1.0-9626
Pretty easy fix. I'm running a job now to secure all 300 of my NVidia lab machines with the "RenderAccel" "False" line.
-- If there's one thing i can't stand, it's intolerance!
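For anyone who, like the poster above with 300 lab machines or the earlier poster who wanted an update checker instead of finding out here, wants to script the two mitigations given in this thread, here is an added example. It is not code from the thread or from nVidia: it checks whether the installed driver is at build 1.0-9625 or later (the fixed versions named above) and whether xorg.conf already carries Option "RenderAccel" "False", and can insert that option into the nvidia Device section. It assumes that /proc/driver/nvidia/version contains a line with the driver version in the form "1.0-NNNN"; the sample xorg.conf it writes for a dry run is constructed, not taken from any real machine.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a machine for the two
# mitigations posted above (Option "RenderAccel" "False" in xorg.conf, or a
# driver at 1.0-9625 or later) and apply the xorg.conf one if it is missing.
# Assumption: /proc/driver/nvidia/version carries a "1.0-NNNN" version string.

FIXED_BUILD=9625   # first driver build the thread reports as fixed (1.0-9625)

# Print the build number (e.g. 8762) found in a version line such as
# "NVRM version: NVIDIA UNIX x86 Kernel Module  1.0-8762  ...".
# Returns 1 if the line carries no 1.0-NNNN version at all.
nvidia_build_number() {
    _build=$(printf '%s\n' "$1" | sed -n 's/.*1\.0-\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$_build" ] || return 1
    printf '%s\n' "$_build"
}

# Return 0 when the version line describes a driver at or past FIXED_BUILD.
nvidia_driver_is_fixed() {
    _b=$(nvidia_build_number "$1") || return 1
    [ "$_b" -ge "$FIXED_BUILD" ]
}

# Return 0 when the given xorg.conf already turns RenderAccel off inside a
# Device section (the option only takes effect there, so only that counts).
renderaccel_disabled() {
    awk '
        /^[ \t]*Section[ \t]+"Device"/ { indev = 1 }
        /^[ \t]*EndSection/            { indev = 0 }
        indev && /^[ \t]*Option[ \t]+"RenderAccel"[ \t]+"[Ff]alse"/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Insert Option "RenderAccel" "False" right after the Driver "nvidia" line of
# each Device section using the binary driver.  Writes through a temp copy so
# an interrupted run cannot leave a half-written xorg.conf behind.
# Returns 0 only if the option is present afterwards.
disable_renderaccel() {
    _conf="$1"
    renderaccel_disabled "$_conf" && return 0
    _tmp="${_conf}.tmp.$$"
    awk '
        /^[ \t]*Section[ \t]+"Device"/ { indev = 1 }
        /^[ \t]*EndSection/            { indev = 0 }
        indev && /^[ \t]*Driver[ \t]+"nvidia"/ {
            print
            print "    Option \"RenderAccel\" \"False\""
            next
        }
        { print }
    ' "$_conf" > "$_tmp" && mv "$_tmp" "$_conf"
    renderaccel_disabled "$_conf"
}

# Constructed sample xorg.conf (not from any real machine) for a dry run.
write_sample_xorg_conf() {
    cat > "$1" <<'EOF'
Section "Device"
    Identifier  "Videocard0"
    Driver      "nvidia"
    VendorName  "NVIDIA Corporation"
EndSection
Section "Screen"
    Identifier  "Screen0"
    Device      "Videocard0"
EndSection
EOF
}

# Audit the running machine: exit 0 if either mitigation is already in place.
# This is the check a nightly cron job on a lab machine would run.
audit_machine() {
    _ver=$(cat /proc/driver/nvidia/version 2>/dev/null) || _ver=""
    if nvidia_driver_is_fixed "$_ver"; then
        echo "driver build $(nvidia_build_number "$_ver") is at or past 1.0-$FIXED_BUILD"
        return 0
    fi
    if renderaccel_disabled /etc/X11/xorg.conf 2>/dev/null; then
        echo "RenderAccel already disabled in /etc/X11/xorg.conf"
        return 0
    fi
    echo "mitigation missing: run disable_renderaccel /etc/X11/xorg.conf as root, or upgrade"
    return 1
}

# Dry run against the constructed sample so the script can be tried without root.
demo() {
    _d=$(mktemp -d) && write_sample_xorg_conf "$_d/xorg.conf"
    disable_renderaccel "$_d/xorg.conf" && echo "sample xorg.conf: RenderAccel now disabled"
    rm -rf "$_d"
}

demo
```

Run it as root with `audit_machine` in place of `demo` to check a real box; the RenderAccel line is a workaround for the render path the exploit goes through, not a fix, so the version check is what should eventually pass on every machine.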
How about you try it with and without the proprietary driver on the same browser and see what happens for yourself?
It has just one huge problem: the digital output is limited to 1280x1024.
I only need one output. I don't need analog shit at all. I just need dual-link support for something like the Apple Cinema HD Display, 30" at 2560x1600.
I don't even really need the 3D, though I guess I could abuse 3D for scaling video or compositing.
Uhuh, and how does firefox crashing have anything to do with the user's IRC session ending? Answer: it doesn't. Now, if the X server crashed, then the irc session would end also (assuming an X based IRC client and not a text based one running in a terminal within a screen session or the chatzilla extension).
There: Something at a specific location.
Their: Owned by someone.
Please make sure your English compiles.
> The only type of machine this exploit targets are machines with multiple untrusted user accounts. I can't imagine why someone would be running this NVIDIA graphics driver on a server type machine anyway...
Possibilities:
1. Guest access at a library that is avoiding use of Microsoft products.
2. Corporate environments where you might want a secretary to have graphical use but not access to arbitrary files.
3. School environments where lots of students share a few computers.
Hmm... those sound like good places for Linux, where graphics are desirable.
Seriously, the "Only one person will use a computer" response sounds like Microsoft's response to shatter attacks.
> I defy you to point to a model that predicted Bill Gates's recent charitable contributions. You just don't have one.
Alright, how about a model that states that people will invest money wherever they feel that the total return will be the best.
Why give to charity? Why donate time and effort to free software?
Because people feel that the total return will be best.
What is the total return?
That's dependent on the individual.
Some people only look at total funds in their pocket.
Some people look at the improvements to society for the next generation to grow up in.
Sometimes that is specifically what will benefit the portion of society that their own children will see, not the world as a whole.
You really want a surprise in economics? How does the success of free software -- specifically, the stuff built and maintained by donated time, not research funds backed time -- differ from "the problem of the commons"? Here the commons actually works.