Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole

An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to nvidia months ago and it was never fixed. Now the exploit was made public." The one releasing the exploit (relayed to him anonymously) is David Arlie, well known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.

Use Windows | +5 Insightful

[h910]

Use Windows and you don't get linux malware. True story, mod +5 true accordingly.

Re:Use Windows | +5 Insightful

[broginator]

That's like saying "Drive Fords, that way you won't crash in a Chevy."

Re:Open Source Advantage

[Dagger2]

Clearly the proprietary driver is much better then, since it allows me to do whatever I like with your computer.

For limited values of "you"

It needs a local execution method (either another exploit or a tricked user) and access to /dev/nvidia0.

So, for example, even if you exploit a web service to execute this on a suitable machine, you still won't get anything as long as web service's user doesn't have permissions on /dev/nvidia0.

Worst of all, it still needs downloading and compiling sources. WTF, Linux? When are we going to get all the software available prepackaged and regularly updated from the repository? Other OSes handle it well, no need for "wget && patch && gcc" to get this working, no need for sudo and sometimes even no need for any actions from user AT ALL, simply visit a page and it just works!

Use Windows (Sore:200,000, Parent is an Amature)

Pssst..... Amature.

CAPTCHA = muddlers