Slashdot Mirror
Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole
An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to nvidia months ago and it was never fixed. Now the exploit was made public."
The one releasing the exploit (relayed to him anonymously) is David Arlie, well known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.
I'd like to say that this would not have happened with an open source driver, but that's not necessarily true. It would almost definitely have been patched by now though.
Maybe people need to stop being apologists for this kind of thing...
Companies don't just hand out the email address for the head of their SW development division; maybe if they did we could them let the right people know. I emailed a random Joe when I found an issue with a site, and it got escalated up and it got fixed.
Maybe if Nvidia had better quality random Joe's, when this sort of stuff did pass by them it would get escalated and not deleted.
Nvidia are just serial fuckups. Wasted half my saturday trying to find a driver release that would work on my wifes Kubuntu 11 PC. Eventually gave in and upgraded to 12.04 instead of manually erasing the broken install yet again... to find another fscking broken driver and no X. These idiots are completely incompetent and simply don't respond to error reports or much of anything else from ordinary users.
Nvidia, still haven't forgotten all the accelerated functions in your chipsets that gradually got turned of as drivers updated, because the hardware was rotten to the core and couldn't be made to work. Or the ongoing multi year saga of begging for working PAL TV support, all of it falling on deaf ears. Or the magically vanished TV out support when Vista shipped.
Frankly a root exploit is one of their lesser sins.
Removing that is further complicated by waiting to retain compatibility with older video standards (CGA, EGA).
... that nobody uses anymore, at least not with PC hardware.
It is a miracle that curiosity survives formal education. - Einstein
Is this due to a very old code base in the windows driver, and the driver code being shared between both linux and windows? Compatibility makes sense if you are running DOS or allowing DOS apps to function (or maybe 16-bit windows). But I very much doubt Monochrome, CGA, EGA, and some of the old VGA standard works at all in modern windows, and definitely not in linux.
This should never have been exposed to the user in linux and hopefully not in windows either. And if compatibility is a concern, then it should be through emulation and a protected path if hardware access is useful.
The graphics driver is both monstrously large and operates at a very low level, there are going to be tons and tons of security problems with it when people start seriously looking at it. As John Carmak put it: I agree with Microsoft’s assessment that WebGL is a severe security risk. The gfx driver culture is not the culture of security.
I read the internet for the articles.
Use Windows and you don't get linux malware. True story, mod +5 true accordingly.
Since Nvidia's drivers share a large amount of common code, I'd say it's only a matter of time.
Correct. That's why i choose AMD.
Not that they're that much better, but at least they tried to.
VGA works fine in Windows and in Linux. See Linux framebuffer as a relatively modern implementation. (I say relatively modern because I'd been using Linux for a long time before it was added, and it's new compared to things like X-Windows) PC hardware is certainly not so abstracted away by useful APIs that the drivers can ignore this level of detail, to be protected from them. Manipulating this sort of thing is exactly what a driver is written to do.
Your suggestion that this shouldn't have been exposed to the user is missing the point: this is an exploit. The driver itself needs to know all these details to properly initialize itself and support old-school text/VGA modes during boot. The user was likely never intended to have access to them, but an exploit isn't limited to what the user is supposed to do. Whether or not the path is protected or not is irrelevant if the path is bypassed.
When are we going to get all the software available prepackaged and regularly updated from the repository?
That's a fairly half-hearted troll. Most Linux distros have package management and multi-source software repositories that make iOS, Metro, and OS X look like the limited attempts at platform lock-in that they really are.
Why not; SELinux certainly has no problem blocking anything useful from working.
Nvidia's future is going to be determined almost entirely on success or failure of the Tegra line, which will predominantly run Android. That's why Linus flipped them the bird. Nvidia, as a company, is becoming increasingly dependent upon Linux to succeed financially. Yet they are not making any effort to engage developers or the community at large.
Guess what, your computers boots right into 16-color text mode (used by the BIOS and sometimes by Windows as part of the boot sequence) using EGA colors. Not sure if that's relevant but it might be. Linux might also use something similar for its boot process and for Ctrl+Alt+Fn terminals.
Yes. When it does that, the OS has not yet loaded. Hell, the boot loader (GRUB in my case) has not yet loaded.
It's obviously implemented in hardware. That means it has nothing to do with the nVidia driver that my OS loads up and whether that nVidia driver supports EGA.
So okay, I'll rephrase my previous comment from "nobody uses it" to "no one needs the nVidia driver to provide it".
It is a miracle that curiosity survives formal education. - Einstein