Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole

Posted by Unknown on from the rms-gazes-upon-you-smugly dept.

An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to nvidia months ago and it was never fixed. Now the exploit was made public." The one releasing the exploit (relayed to him anonymously) is David Arlie, well known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.

11 of 180 comments (clear)

  1. Open Source Advantage by Nerdfest · · Score: 5, Insightful

    I'd like to say that this would not have happened with an open source driver, but that's not necessarily true. It would almost definitely have been patched by now though.

  2. Re:Who did he send it to at Nvidia? by Anonymous Coward · · Score: 5, Insightful

    Maybe people need to stop being apologists for this kind of thing...

    Companies don't just hand out the email address for the head of their SW development division; maybe if they did we could them let the right people know. I emailed a random Joe when I found an issue with a site, and it got escalated up and it got fixed.

    Maybe if Nvidia had better quality random Joe's, when this sort of stuff did pass by them it would get escalated and not deleted.

  3. Re:A view to a kill. by causality · · Score: 3, Insightful

    Removing that is further complicated by waiting to retain compatibility with older video standards (CGA, EGA).

    ... that nobody uses anymore, at least not with PC hardware.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  4. Re:Nvidia rotten to the core by Anonymous Coward · · Score: 3, Insightful

    Seriously? This is the kind of shit that makes people hate us Linux users. "Oh, you had a problem? Should have used $MY_FAVORITE_DISTRO then it would have worked! (Unless it still didn't, but let's just ignore that possibility so I can be a smug bastard.)"

  5. One of many by jandrese · · Score: 4, Insightful

    The graphics driver is both monstrously large and operates at a very low level, there are going to be tons and tons of security problems with it when people start seriously looking at it. As John Carmak put it: I agree with Microsoft’s assessment that WebGL is a severe security risk. The gfx driver culture is not the culture of security.

    --

    I read the internet for the articles.
  6. Re:Nvidia rotten to the core by fuzzyfuzzyfungus · · Score: 5, Insightful

    Somebody should probably tell Nvidia that a driver that enables arbitrary memory read/write could probably be used as a DRM circumvention mechanism if targeted at a 'protected' program rather than the kernel. That might actually get them to fix it...

  7. Re:Use Windows | +5 Insightful by Tapewolf · · Score: 4, Insightful

    Use Windows and you don't get linux malware. True story, mod +5 true accordingly.

    Since Nvidia's drivers share a large amount of common code, I'd say it's only a matter of time.

  8. Re:Hoooo boy... by Anonymous Coward · · Score: 5, Insightful

    Correct. That's why i choose AMD.

    Not that they're that much better, but at least they tried to.

  9. Re:A view to a kill. by greg1104 · · Score: 3, Insightful

    VGA works fine in Windows and in Linux. See Linux framebuffer as a relatively modern implementation. (I say relatively modern because I'd been using Linux for a long time before it was added, and it's new compared to things like X-Windows) PC hardware is certainly not so abstracted away by useful APIs that the drivers can ignore this level of detail, to be protected from them. Manipulating this sort of thing is exactly what a driver is written to do.

    Your suggestion that this shouldn't have been exposed to the user is missing the point: this is an exploit. The driver itself needs to know all these details to properly initialize itself and support old-school text/VGA modes during boot. The user was likely never intended to have access to them, but an exploit isn't limited to what the user is supposed to do. Whether or not the path is protected or not is irrelevant if the path is bypassed.

  10. Re:For limited values of "you" by Nerdfest · · Score: 4, Insightful

    When are we going to get all the software available prepackaged and regularly updated from the repository?

    That's a fairly half-hearted troll. Most Linux distros have package management and multi-source software repositories that make iOS, Metro, and OS X look like the limited attempts at platform lock-in that they really are.

  11. Re:A view to a kill. by causality · · Score: 3, Insightful

    Guess what, your computers boots right into 16-color text mode (used by the BIOS and sometimes by Windows as part of the boot sequence) using EGA colors. Not sure if that's relevant but it might be. Linux might also use something similar for its boot process and for Ctrl+Alt+Fn terminals.

    Yes. When it does that, the OS has not yet loaded. Hell, the boot loader (GRUB in my case) has not yet loaded.

    It's obviously implemented in hardware. That means it has nothing to do with the nVidia driver that my OS loads up and whether that nVidia driver supports EGA.

    So okay, I'll rephrase my previous comment from "nobody uses it" to "no one needs the nVidia driver to provide it".

    --
    It is a miracle that curiosity survives formal education. - Einstein