Slashdot Mirror


ATI Driver Flaw Exposes Vista Kernel to Attackers

Shack0ption writes "An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Windows Vista kernel. The utility, released by Alex Ionescu and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista — effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system. Ionescu confirmed his tool was exploiting a vulnerability in an ATI driver — atidsmxx.sys, version 3.0.502.0 — to patch the kernel to turn off certain checks for signed drivers. This meant that a malicious rootkit author could essentially piggyback on ATI's legitimately signed driver to tamper with the Vista kernel."

50 of 248 comments

  1. trusted computing by Anonymous Coward · · Score: 3, Insightful

    ok...
    so windows vista trusts ATI.
    ATI trusts themselves.
    I don't trust no one, especially closed-source drivers from ATI.

    shouldn't they simply replace their "fglrx" with "ati", in their xorg.conf?

    1. Re:trusted computing by Smauler · · Score: 2, Funny

      "I don't trust no one" means you trust everyone.

      Technically, no it doesn't. It means you trust someone, not necessarily everyone.

  2. So I read it right? by Wooky_linuxer · · Score: 4, Funny

    Vista has an anti-DRM mechanism built-in? Wow, and I thought Linux stood for free software... way to go Redmond!

    --
    Where is that guy who'd die defending what I had to say when I need him?
    1. Re:So I read it right? by sgt+scrub · · Score: 2, Interesting

      udev is part of the Linux kernel project, while HAL and D-BUS are not.

      So, why doesn't Linux have a HAL? I can tell you the answer in one word - Tradition. The Linux kernel emanates from kernel.org, which essentially produces a white box OS, supporting x86/IA-32 compatible CPUs. With that Wintel architecture, things like code compatibility, BIOS, and chipsets come together to form what I call the PC/AT "virtual machine." Linux, like Windows, leverages basic knowledge about this platform, so that booting and hardware initialization are taken care of, leaving a kernel to worry about the more interesting things. As one hacker says, "on x86, it just works!"
      http://www.open-mag.com/features/10_02feats/HAL/HAL.htm

      --
      Having to work for a living is the root of all evil.
  3. That's why microkernels are useful by Anonymous Coward · · Score: 3, Interesting

    if each driver had its own separate space, this flaw wouldn't affect the rest of the system.

    1. Re:That's why microkernels are useful by A+non-mouse+Coward · · Score: 4, Interesting

      Mod Parent Up.

      Even Microsoft Research is looking into making microkernel operating systems with their Singularity project.

      Of course, the Minix 3 Project has been doing this for a while, supposedly even having a fully POSIX compliant product at this point.

      The major design factor of Microkernels is that it's bad practice to have a trusted path from any driver or system service in kernelspace to any other driver or system service in kernelspace. Just because you're "in" doesn't mean that anything else that's "in" should trust you.

      The largest hurdle microkernels have to overcome, however, is the problem of DMA. As long as a malicious ATI video card (never mind the driver) has direct access to all memory locations via DMA, it could easily just patch the driver's memory at runtime every time via hardware. That's why microkernel development is going to have to go hand-in-hand with tools like IOMMU, for controlling access to critical areas of memory.

      Of course, critics often complain about Inter-process Communication (IPC) as being another limitation to microkernels, but at this point, it's really just an implementation hurdle as there are several ways to get processes that are in different memory spaces to communicate with high performance, especially as Moore's Law brings CPUs faster and faster.

      --
      libertarian: (n) socially liberal, financially conservative; neither left, nor right.
    2. Re:That's why microkernels are useful by sgt+scrub · · Score: 2, Insightful

      The largest hurdle microkernels have to overcome, however, is the problem of DMA

      Absolutely correct and imho correct for all types of kernels. As long as hardware uses system memory to function, and the location of memory is not properly restricted, this problem will persist. Drivers openly developed could easily be developed to restrict specific device types to specific memory areas.

      --
      Having to work for a living is the root of all evil.
    3. Re:That's why microkernels are useful by TheLink · · Score: 2, Interesting

      The hardware people are going to have to fix/modify DMA anyway, if they want fast IO, hardware etc with virtualization.

      They might as well do something more innovative and useful, after all I heard they were running out of ideas on what to do with all those transistors, and resorting to stuff like more cores and more cache.

      Should sit down with the O/S, DB etc people, and brainstorm some stuff that will make doing things the "right" way easier (or even just possible). Sure there's often no real right way, but I bet we're doing a fair number of things _wrong_.

      --
  4. Kernel Type by canistel · · Score: 2, Interesting

    I wonder (obviously not a kernel developer here), would a micro kernel prevent these types of problems, where malicious code which normally wouldn't have permission to do things, attack a part of the kernel (video driver) which does and so gain permissions?

    1. Re:Kernel Type by TheRaven64 · · Score: 4, Informative

      Depends. A video driver needs to be able to DMA data to and from the card. Even if it's in an isolated address space, a compromised driver can write all over physical memory by telling the card to. If you have an IOMMU then this can be alleviated somewhat. Some kernel component outside the driver could provide DMA apertures in the correct places, and if it did correct validation of the driver's requests (i.e. not let it open windows anywhere into memory except where it is owned by a process using the driver) then it would be possible for a microkernel to be safe from this kind of thing.

      --
      I am TheRaven on Soylent News
    2. Re:Kernel Type by Magada · · Score: 2, Insightful

      It's an interesting dilemma for Microsoft - they can't have DRM without video drivers running in kernelspace (performance issues), but DRM is broken if they allow drivers in kernelspace. Consider this: anyone can now load the vulnerable driver, apply Ionescu's magic and WHAM! I predict pirate-patched video card drivers for windows are coming soon - the opportunity to strip the DRM out of high-def movies from the comfort of your own PC is just too nice to pass up. And doing it with a legitimate copy of Vista? Priceless.

      --
      Something bad is coming when people are suddenly anxious to tell the truth.
    3. Re:Kernel Type by drawfour · · Score: 4, Informative
      You may have missed the part in the article where the kernel *knows* it's running unsigned binaries, and thus turns off the DRM stuff. So there is no way to strip out the DRM, since that capability will be turned off when the system detects it's running unsigned binaries.

      From the article:

      Vista is perfectly aware that an unsigned driver has been loaded: you will even get a warning a bit after the driver is loaded. This also means that PMP will become aware that the driver is loaded, and disable high-definition media playback. This means that this tool will not help you bypass DRM in any way, because the original Vista protection mechanisms are still in place. Note that on Vista 32-bit, this behavior already exists by default in the OS, so it is not a "bug" of Purple Pill.
  5. Rules of the Road by mfh · · Score: 4, Interesting

    When hardware drivers are responsible for system integrity, all hope of safety is permanently lost. Introducing the new battleground for virus writers... fake patches:

    YOUR VIDEO CARD NEEDS NEW DRIVERS: CLICK NEXT!!!!!

    --
    The dangers of knowledge trigger emotional distress in human beings.
  6. Bug or feature? by martinag · · Score: 2, Informative

    FTFA, quoting a Symantec senior manager: "Basically, that ATI driver has functionality that allows you to read and write kernel memory. It's either a bug or a feature of the driver." I guess it's a feature to the bad guys. To everyone else, it's a bug.

    1. Re:Bug or feature? by mugenjou · · Score: 3, Insightful

      I guess it's a feature to the bad guys. To everyone else, it's a bug.

      I guess it's a bug to Microsoft and the content industries. To everyone else, it's a feature.
      --
      DualBrain - Level Up Your Brain! - now available on your iPhone!
    2. Re:Bug or feature? by Opportunist · · Score: 2, Insightful

      If you consider someone a bad guy who wants his legally purchased machine to do what he wants, then yes.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Ah, you kids have it easy... by Glowing+Fish · · Score: 4, Insightful

    The fact that people are actually going to the lengths of breaking into Windows by using a legitimate driver with kernel access to load in rootkits...the fact that it even requires explaining, means that Windows has reached some type of real security. I mean, with Windows 98, you would just hit enter on the login dialog box, and there you were!

    --
    Hopefully I didn't put any [] around my words.
  8. Re:Let's blame Microsoft by Magada · · Score: 2, Insightful

    It starts here, with me. Microsoft is making driver devs jump through hoops with the whole signed-drivers thing when all it takes (as has been shown in this case) is ONE signed driver with ONE exploitable flaw to break the whole scheme.

    What are Microsoft going to do now? Revoke the key they used to sign drivers with? How many copies of Vista which verify drivers with the now-revoked pubkey have already been sold? How many devices were sold in retail with drivers which will no longer JustWork(tm)? Will Microsoft and the OEMs have the resources to re-certify each of those, or will they sign blindly?

    Each of those probably stands a 50-50 chance of being either rooted or patched with the new key the first time it's connected to the 'net. How's that for convenience?

    Oh, did I mention that finding another bug in another driver signed with the new key will mean the whole process must be repeated?

    Oh and did I mention that if someone finds such a bug and sits on it, they have root to any Vista system in existence, until the bug is found and fixed (which may be never)?

    --
    Something bad is coming when people are suddenly anxious to tell the truth.
  9. ATI will patch this by Dekortage · · Score: 4, Insightful

    Seems like the real concern is not that ATI's code opens a security hole. You know ATI will patch it. A more important question is, how many other securely-signed drivers, etc., have similar holes? How many drivers are there in a typical Windows Vista system, anyway?

    At least Microsoft can say (with some truth) that it's not THEIR software which introduces the problem! (it actually is, of course, but not directly)

    --
    $nice = $webHosting + $domainNames + $sslCerts
  10. Re:Let's blame Microsoft by bl8n8r · · Score: 4, Funny

    Very quickly.

    You must be new here, so I'll try and enlighten you.

    You see, Microsoft is a lot like the smelly kid in 3rd grade that
    used to drop a load in his shorts and not say anything while
    everyone wandered around trying to figure out what died, where.

    After a few of these episodes, whenever there was a strange smell,
    it would come to pass that the smelly kid dropped another load.

    Now, to make matters worse for the smelly kid, imagine him running
    around telling everyone that he has solved the problem*. People are
    relieved for a while until, guess what? The smelly kid drops another
    load. How can this happen, isn't this supposed to be fixed?

    This insane cycle of disappointment/re-assurance causes people to
    get cynical very quickly and as a result, causes people to start complaining
    very quickly.

    [*] - http://news.com.com/Allchin+Buy+Vista+for+the+security/2100-1012_3-6032344.html

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  11. Re:Let's blame Microsoft by drawfour · · Score: 4, Informative
    You do realize that the kernel does not do any signing, that's Verisign's job, right? The kernel only verifies that the signature is valid (and trusted). All this hack is doing is causing the kernel to turn off the part where it refuses to load an unsigned driver.

    From the article:

    Vista is perfectly aware that an unsigned driver has been loaded: you will even get a warning a bit after the driver is loaded.
  12. Comforting, in a way... by an.echte.trilingue · · Score: 4, Funny

    For my part, I'm not going to play the blame game since I don't know better either way. I am, however, in some strange way comforted to see that Windows users are starting to have issues with ATI drivers, too.

    All those years of trying to get fglrx to work, avenged!

    So, is that what you call passive aggression?

    --
    weirdest thing I ever saw: scientology advertising on slashdot.
    1. Re:Comforting, in a way... by Markspark · · Score: 2

      ati drivers used to make my win 98se freeze, my win xp freeze, my win 2000 freeze, and they've been a bitch in ubuntu (which i've been using since warty..) so the main question i guess is: How can ATI still be in business?

      --
      i find your lack of faith in science disturbing!
  13. Re:lol wut by fuzzix · · Score: 4, Interesting

    We need to strip ATi of its driver team, and then strip nVidia of their hardware team, and merge the remainder.

    What does it matter? Neither of them bother with proper overlay any more.

    My last nVidia card was simply without overlay hardware. My last ATi card's overlay dropped resolution when a high refresh rate was used. At least the nVidia card could play a video at full res without resorting to GL.

    It's not all about the 3D... :)

    You do have a point about the drivers, though. While closed, nVidia's Linux module hasn't provided nearly as much heartache as ATi's... abomination.
  14. Re:Let's blame Microsoft by morgan_greywolf · · Score: 5, Insightful

    (BTW--I've been using Linux as my primary OS since 1996, so no I'm not Linux bashing)

    Well, one thing to consider is this -- how different are other OSes like Linux? With Linux, a root exploit in a kernel module gains you access to the whole system as well, especially when you consider that it uses a monolithic kernel. IOW, kernel modules directly patch the Linux kernel, live, in memory. Now consider that the ATI drivers for Linux are based at least in part on the ATI drivers for Windows.

    Mind you that some things like SELinux might help to mitigate some of this in some scenarios, but not in all.

  15. It will not work. Ever. by Opportunist · · Score: 4, Insightful

    Actually I'm amazed it took almost a year. I would've bet my annual income that something like this would surface before May.

    Let's take a look at the inner workings of the system. Yes, MS has full access to the source code, so their drivers will probably not leak. They also have no "real" competition on the OS market (yes, there's Linux, there's MacOS, but what company would switch?). They can take their time to proof and perfect their drivers until you can be certain that they don't leak.

    Do third party vendors have the source? No. Do they have tight schedules and competition breathing down their neck? You bet. Will they prefer performance or security? Well, what of those two is tested on pages like THG?

    Worse yet, what if such a driver actually allows a user to "crack open" his system and use it as he pleases? Could you see people buy a cheap ATI card just for the purpose of disabling the DRM? I mean, there have been really, really crappy games for some consoles that sold surprisingly well, because they contained a bug that allowed disabling certain security measures. Save-game exploits were quite popular for a while.

    Could you see that this "security" bug could actually be a selling argument FOR the hardware rather than against it?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. I see... by lixee · · Score: 2, Funny

    So the reason ATI is not giving us Linux users free drivers is because they care about the security of our systems. Talk about irony!

    --
    Res publica non dominetur
  17. Linux fglrx module possibly also exploitable by chrb · · Score: 2, Interesting

    The fglrx module expects the registers related to Thread Local Storage to be in a certain state. If you mess around with it, you can cause a kernel crash. Try running wincecfg from =0.9.31 includes a check for fglrx in TLS mode and aborts), it will crash the kernel with 100% repeatability. You can find details in ATI and wine bugzillas.

    I always wondered if this could be turned into a more dangerous security exploit. And now I wonder how much code is shared between fglrx and the Windows driver, as it seems it has similar bugs.

  18. Re:Let's blame Microsoft by Tim+C · · Score: 5, Insightful

    Each of those probably stands a 50-50 chance of being either rooted or patched with the new key the first time it's connected to the 'net.

    It's a local exploit.

    did I mention that finding another bug in another driver signed with the new key will mean the whole process must be repeated?

    Third parties write crap, exploitable code and it's MS's fault? You can write exploitable kernel modules for Linux as well, yet somehow I don't think you'd be blaming that on Linus. If anything, this is an argument for open source drivers, not against MS's scheme - although how many people actually have the skill to audit the code they run, let alone auditing it?

    did I mention that if someone finds such a bug and sits on it, they have root to any Vista system in existence

    Every Vista install that uses the exploitable driver, you mean. Just as an exploitable driver for Linux would open every Linux install that uses that driver. For example, I have an NVidia card; as and when I upgrade to Vista, I won't be vulnerable to this particular exploit.

    Try to tone the hyperbole down a little, it's not very becoming.

  19. Re:Let's blame Microsoft by tttonyyy · · Score: 2, Insightful

    But you'll also find that the Linux kid will also drop a "load in his shorts" if he's using a kernel module with a flaw that can be exploited.

    It is impossible to prove that any piece of software is 100% bug free. Impossible. Regardless of your operating system, if you trust kernel-level drivers (you actually want to *do* something useful with your system?), chances are that somewhere there is an exploitable flaw. It's just that no-one may have found it yet. There is no such thing as a 100% secure system.

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  20. And this is why by Ravenscall · · Score: 2

    And this is why I have used nVidia hardware since I upgraded from my Voodoo 3 3000. While ATI and nVidia may go back and forth in hardware performance, nVidia has much better driver support on Linux or Windows.

    *Still rather upset that there is no linux acceleration driver for the ATI Rage Mobility in the original iBook, I would much rather run Linux on it than OS X or OS 9.

    --
    You say you want a revolution....
  21. Re:Let's blame Microsoft by dkf · · Score: 2, Informative

    You do realize that the kernel does not do any signing, that's Verisign's job, right?

    Even that's wildly inaccurate, and just demonstrates that you're confused as to how digital signature systems (and other things based on a PKI too) work.

    Verisign just signs the driver author's certificate, and even then just to say "these guys are who they say they are, and they're doing code signing with the key matching this certificate". They most certainly say nothing at all about the correctness of the drivers; that's up to the driver author (and maybe Microsoft too).
    --
    "Little does he know, but there is no 'I' in 'Idiot'!"
  22. Re:Let's blame Microsoft by KiloByte · · Score: 2, Informative

    Actually, Windows will accept only stuff signed by Microsoft itself, and they take a hefty chunk of change for the privilege. You cannot also choose to have a driver which Microsoft doesn't like signed -- so that state-of-the-art professional sound processing tools are a no-no if they somehow can be used to record "premium content". Or if, say, the driver's authors somehow compete with MS.

    VeriSign can sign only SSL certs and certain less-well-known types of keys for you.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  23. Re:Let's blame Microsoft by jaavaaguru · · Score: 2, Funny

    the Linux kid will also drop a "load in his shorts"

    No, he will dump a core in his shorts.

  24. Re:lol wut by jaavaaguru · · Score: 2, Funny

    Just like the OS market... look how Windows' price has risen and how much of an improvement Vista is over XP.

  25. Re:Let's blame Microsoft by LurkerXXX · · Score: 2, Informative

    This is exactly why the OpenBSD folks have been fighting against binary blobs and demanding open source drivers for hardware. Too many other open source OS's will gladly take a closed binary blob so that they can run hardware. And that leads to possible exploits down the road.

  26. My understanding was that video runs in ring 3 by NullProg · · Score: 3, Interesting

    Oops, I guess not....

    Because WPF is largely written in managed code on the common language runtime, it never ran in kernel mode. There are elements of WPF (called the MIL) that are written in unmanaged code, but that code also largely runs (and always has run) in user mode. Insofar as WPF needs to touch kernel mode stuff (e.g., drivers), it interacts with them through the existing DirectX APIs. The user mode and kernel mode aspects of the WPF architecture haven't changed.
    http://arstechnica.com/news.ars/post/20051216-5788.html

    So what did Microsoft gain with the Vista GDI changes?

    Enjoy,

    --
    It's just the normal noises in here.
    1. Re:My understanding was that video runs in ring 3 by Foolhardy · · Score: 2, Informative

      In NT 3.x, the Win32 video driver model was created from scratch. A video driver consisted of two parts: a video miniport driver that does the actual talking to hardware, resource allocation, etc., running in kernel mode and a display driver that handles all the drawing and display functions, running in user mode with the window server (winsrv.dll) hosted in csrss.exe. In NT4, Microsoft moved the window manager into kernel mode (win32k.sys), which took the display driver with it.

      Vista supports two display driver arrangements: XPDDM, the XP display driver model, which is compatible with XP drivers (with the display driver in kernel mode like NT4), and LDDM (Longhorn display driver model) which has moved the display driver back into user mode, hosted in dwm.exe with the new desktop window manager.

      There is a private interface for the display driver in user mode to communicate with the miniport driver in kernel mode. This is presumably where the ATI driver flaw is: the miniport apparently has a function to let the display driver read and write to arbitrary memory locations. Note that the caller has to be privileged to even open the miniport device object for communication. The flaw here allows a privileged user to bypass driver signing requirements.

      For example, with nVidia's drivers, the XPDDM version has nv4_mini.sys as the miniport, and nv4_disp.dll as the display driver (kernel mode). The LDDM version has nvlddmkm.sys as the miniport and nvd3dumx.dll as the display driver (user mode).

      The miniport has always been in kernel mode because it has to talk to the hardware. The display driver has gone from user to kernel and back to user mode.
      Linux also uses a split kernel mode / user mode driver (in the X server) model.
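
The validation TheRaven64 describes earlier in this thread (a kernel component outside the driver checking that a requested DMA window lies within memory owned by a process using the driver) and the miniport read/write interface Foolhardy describes just above are the same design problem: a privileged broker must refuse requests for addresses the caller does not own, rather than honouring arbitrary addresses. The C program below is an added example, not code from either commenter, from ATI, or from Windows; the region table, client ids, address ranges and function names are constructed, hypothetical values chosen only to illustrate the check.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One ownership record: client `owner` may touch [base, base + len).
 * Hypothetical structure, not any real driver's interface. */
typedef struct {
    uint32_t owner;
    uint64_t base;
    uint64_t len;
} mem_region;

#define MAX_REGIONS 8

typedef struct {
    mem_region regions[MAX_REGIONS];
    size_t count;
} region_table;

/* Register a range as owned by `owner`. Rejects empty or wrapping ranges. */
bool region_table_add(region_table *t, uint32_t owner, uint64_t base, uint64_t len)
{
    if (t == NULL || len == 0 || base > UINT64_MAX - len) return false;
    if (t->count >= MAX_REGIONS) return false;
    t->regions[t->count++] = (mem_region){ owner, base, len };
    return true;
}

/* Reference-monitor check: allow [addr, addr + len) only if it lies entirely
 * inside one region owned by `caller`. Zero-length and wrapping requests are
 * refused before any range comparison so that addr + len can never overflow. */
bool mem_request_allowed(const region_table *t, uint32_t caller, uint64_t addr, uint64_t len)
{
    if (t == NULL || len == 0 || addr > UINT64_MAX - len) return false;
    uint64_t end = addr + len;                       /* exclusive upper bound */
    for (size_t i = 0; i < t->count; i++) {
        const mem_region *r = &t->regions[i];
        if (r->owner != caller) continue;
        if (addr >= r->base && end <= r->base + r->len) return true;
    }
    return false;
}

/* Constructed sample table (hypothetical ids and addresses): client 7 owns a
 * 4 KiB window at 0x10000, client 9 owns an 8 KiB window at 0x20000. */
region_table build_sample_table(void)
{
    region_table t = { .count = 0 };
    region_table_add(&t, 7, 0x10000, 0x1000);
    region_table_add(&t, 9, 0x20000, 0x2000);
    return t;
}

/* Convenience wrapper: evaluate one request against the sample table. */
bool sample_request_allowed(uint32_t caller, uint64_t addr, uint64_t len)
{
    region_table t = build_sample_table();
    return mem_request_allowed(&t, caller, addr, len);
}

int main(void)
{
    struct { uint32_t caller; uint64_t addr; uint64_t len; const char *why; } probes[] = {
        { 7, 0x10000, 0x1000, "exactly its own window" },
        { 7, 0x10800, 0x100,  "inside its own window" },
        { 7, 0x20000, 0x10,   "another client's window" },
        { 7, 0x10FF0, 0x20,   "straddles the end of its window" },
        { 7, UINT64_MAX - 4, 16, "addr + len wraps around" },
        { 9, 0x21000, 0x1000, "client 9 inside its own window" },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("caller %" PRIu32 " addr 0x%" PRIx64 " len 0x%" PRIx64 " (%s) -> %s\n",
               probes[i].caller, probes[i].addr, probes[i].len, probes[i].why,
               sample_request_allowed(probes[i].caller, probes[i].addr, probes[i].len)
                   ? "allowed" : "denied");
    }
    return 0;
}
```

The cases worth attention are the rejections: a request for another client's range, one that straddles the end of the caller's own range, and one whose addr + len wraps around the address space, which an unguarded `addr + len <= end` comparison would wrongly accept. A broker that only checks caller privilege (the "has to be privileged to open the device object" property Foolhardy mentions) and then honours any address is exactly what such a table-driven check is meant to replace.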

  27. purple pill? O.o by Spy+der+Mann · · Score: 3, Funny
    I only knew about the red pill and the blue pill. Hmmmmmmmmmm........

    Morpheus: This is your last chance, Neo. After this, there is no turning back.
    You take the blue pill, the story ends, you awake in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit-hole goes. Remember: all I'm offering is the truth, nothing more.
    Neo: And the purple pill?
    Morpheus: Oh, the purple pill gets you high. I can't guarantee what happens later.
    Neo: I'll take the purple pill. (*gulp*)
    (After a short pause...)
    Whoa, dude, I can see what's behind the mirror! Whoa... everything's like computer code! I understand what the Matrix is now!!
    (Back in the Nebuchadnezzar...)
    WE'RE LOSING HIM!
    Neo: I can fly dude!!! Excellent!!!
    Flatline: beeeeeeeeeeeeeeeeeeeeeeeep....

    (Some time later...)
    Trinity: Seriously, Morpheus. This is the 20th time we lose a potential "One" because of the purple pill!
    Morpheus: He wasn't "The One". "The One" would have survived.
    Trinity: Idiot.


    Now, seriously, what's "purple pill"?
  28. Re:Really cleaning up the Internet by frakfrakfrak · · Score: 2, Funny

    Your troll-fu is weak, Daniel-san. Only when you can praise Jon Katz will you be ready.

  29. Re:Let's blame Microsoft by mhall119 · · Score: 3, Insightful

    Malicious to whom? This system seems designed more to prevent the installation of kernel-mode drivers that would allow the circumvention of things like DRM. I guess it could stop the installation of rootkits too, but there are other ways to stop them. It's funny (to me at least) that there are things that Windows can stop even an Administrator from doing on their own machine.

    --
    http://www.mhall119.com
  30. Re:Really cleaning up the Internet by Knight2K · · Score: 3, Insightful

    1. It is important to use the correct names for things. The word "terrorist" is a subset of "criminal". My working definition of 'terrorist', which can doubtless be improved on, is: one who uses violence to create terror or panic within a populace in order to achieve political ends. Without the political component, a terrorist is simply a criminal guilty of assault, murder, theft, etc. and should be caught and prosecuted accordingly. By using this term incorrectly, you are just as guilty of spreading FUD as the U.S. government. While this may be an effective way to get attention, it is alarmist, unethical, and immoral.

    By expanding the meaning of the term, the government has been able to greatly expand its power at the expense of its citizens. It certainly is important to catch and prosecute cyber-criminals, but discuss it rationally and pass appropriate, targeted laws to deal with the problem. More importantly, enforce the ones that already exist.

    2. In most cases, a non-anonymous network would probably be fine, as long as encryption was used to keep data private. Unfortunately, we live in a world where, in some places, using encryption will get you tossed in jail, regardless of the content. In other words, it can be important to hide not only what you sent, but the fact that you sent it. A concrete example would be blogging in China. Given recent events with the NSA, I wouldn't be surprised if the U.S. government starts to take a more active role in discouraging personal strong encryption. How do we solve that problem?

    3. Guantanamo is one of the worst violations of human rights in recent history. Even the basest criminals are entitled to due process. That's what makes our system justice and not revenge. The United States is NOT the world police. There is a process to be followed to enforce change in other countries. The lack of serious international backing is part of our problem in Iraq. The U.S., despite being the last world superpower, does not have the resources to fight every battle and prosecute every crime that other countries won't deal with.

    You are right that we need effective computer crime laws and effective enforcement of them. The way to do it is to lobby other countries for this and establish treaties with them. Use diplomacy and sanctions where necessary. It isn't impossible; if we can get intellectual property laws perverted across the globe, surely we can expend the effort needed to reach cyber-criminals wherever they choose to hide.

    4. The government is supposed to work for us, but it needs watching. One of the most important lessons of modern history is that we have to be active and mistrustful of government, in order for it to function correctly. The Bay of Pigs was the first warning and the Watergate scandal made this manifest. The Iraq war, NSA wiretapping, and the PATRIOT Act are examples of what happens when we fail to perform our role of government watchdog. I'm not going to trust the government on who the bad guys are. I want the FBI, the CIA, Interpol, etc. to gather evidence and arrest criminals and bring them before the appropriate judicial authority and prove their case before the public.

    You are correct that this is a serious international problem and needs serious international intervention, but it also has to be done right.

    --
    ======
    In X-Windows the client serves YOU!
  31. Re:No shit by mhall119 · · Score: 4, Funny

    It makes me wonder what Microsoft's security qualifications really are for a signed kernel level driver. I believe they use the Verisign security test: If the check clears the bank, the code is secure.
    --
    http://www.mhall119.com
  32. Re:Let's blame Microsoft by Cythrawl · · Score: 2, Insightful

    Umm Microsoft DIDN'T sign the code, ATI DID. The drivers AREN'T WHQL verified... Who's the asshole now?

  33. Partly correct (slightly OT) by Lonewolf666 · · Score: 2, Informative

    Windows Vista is just a hack on top of all the prior Microsoft Windows releases. While Microsoft Windows itself is just a hack on top the profoundly insecure and stunningly badly-coded DOS.

    Considering the lousy reviews, it seems that Windows Vista is indeed "just a hack" on top of XP.

    But it is no longer correct that it is a hack based on DOS. Parallel to Windows 9x, Microsoft introduced the Windows NT line. Windows 2000, XP and Vista are based on that.
    In a direct comparison of Windows 2000 to Windows 98 (yes I've used both), Windows 2000 is a lot more stable, especially when confronted with bad applications. It is not perfect but definitely good enough for desktop use.
    I'm using XP only occasionally, but it seems OK as well.
    Vista - cough - no thanks. The reviews and personal accounts I've read are reason enough not to even try it. And the quality is only half of it, the EULA is even more unacceptable. Even if I strongly suspect it would be unenforceable in my country, I'd rather avoid getting anywhere near it.
    --
    C - the footgun of programming languages
  34. Re:Let's blame Microsoft by Lord+Ender · · Score: 2, Interesting

    I think Microsoft's main consideration with driver signing is stability, not security.

    It is a lot easier and more reliable to test a driver for stability than it is to test it for security. There is so much crap hardware with flaky drivers floating around causing stability problems that Windows has an undeservedly bad reputation for stability. Everyone blames Microsoft when they see a BSOD, but in many cases they should be blaming the manufacturer of their $10 SATA adapter.

    I'm posting this from an Ubuntu box, so I'm no MS apologist. But Windows' reputation for being unstable is greatly exaggerated. Signed drivers may help correct this particular market perception.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  35. Re:What a bunch of malarky by Knight2K · · Score: 2, Insightful

    I was trying to avoid Godwin's law, since there are many other examples that can be appealed to besides Nazi Germany. The genocide in the former Yugoslavia and Darfur works as well. Saying Gitmo is "one of the worst" is not the same as "is the worst". I am certainly aware of the Holocaust, know a great deal about it and certainly acknowledge that it happened and was terrible. I have no problem with the Holocaust being the worst, but Gitmo is clearly wrong and abusive.
    In a way, is there any point in ranking these things? They are each violations of human rights; some are certainly more horrific than others, but a violation is a violation just the same.

    I debated adding illegality as a criterion for terrorism, but assumed it was implied. I wouldn't mind amending my definition. I agree with you that lawful force can be necessary, but the keyword is 'lawful'. International laws are laws as well and need to be respected until they can be changed to address the situation. We have standards for when invading other countries is allowed; we can't just choose to enforce our laws on other people's sovereign territory without getting a legal mandate to do so. If you argued that the U.N. is not up to addressing these issues, I would agree, and suggest that fixing the U.N. to be a more effective organization would help.

    This is Slashdot, of course, so you are certainly free to ignore my suggestions, but I would hope that the due process of law falls under "doing it right".

    --
    ======
    In X-Windows the client serves YOU!
  36. Re:Let's blame Microsoft by A+non-mouse+Coward · · Score: 2, Insightful

    It's a local exploit.

    You mean, "local" as in how long does it take a trojan to trick a user into installing a local rootkit?
    --
    libertarian: (n) socially liberal, financially conservative; neither left, nor right.
  37. Re:Let's blame Microsoft by mhall119 · · Score: 2, Funny

    I'd fire them.

    Heck, that solution is even cross-platform!

    --
    http://www.mhall119.com
  38. Re:Break the signing by GTMoogle · · Score: 2, Interesting

    Red herring? Is the article not a specific example of a program being able to anonymously run kernel level code, bypassing the signing mechanism? I wasn't saying it's intrinsically broken, just that what you said (anonymous code can't run) is evidently not the case.

    That it exploits a flaw in 3rd party software does not change the fact that the system is currently breakable. Signing simply makes it harder, which is certainly a good thing. It does not confer complete trust, which is what absolute statements like the one you made imply.

    It does have the advantage of all the failure points being reviewed by one source (MS) that can be improved over time to catch attacks like this. They obviously are not yet perfect, but it's a marked improvement. But still, how many holes are found by people who aren't honest security researchers? How many people get patched? We have no way of judging the safety of the system, nor if its improvements are increasing at a sufficient pace.