Nvidia GPUs Can Leak Data From Google Chrome's Incognito Mode (softpedia.com)
An anonymous reader writes: Nvidia GPUs don't clear out memory that was previously allocated, and neither does Chrome before releasing memory back to the shared memory pool. When a user recently fired up Diablo 3 several hours after closing an Incognito Mode window that contained pornography, the game launched with snapshots of the last "private" browsing session appearing on the screen — revealing his prior activities. He says, "It's a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It's what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting."
It's been shown that you can randomly snag other running applications' data by initializing new framebuffers and seeing what happens to be in them.
The problem is that your graphics card simply can't zero out chunks of RAM every time an application requests them, not if you want your high-performance rendering for your video games. This issue is an old one, and one that's tied to the hardware architecture itself, and can't be fixed as easily as the submitter seems to think.
You mean using a graphics processing unit to process graphics? What level of weapons grade bullshit is this?
Thirty four characters live here.
There is value in using that mode for porn (although your IP address is still exposed, and it's unclear that anyone is going to understand why you were at LustyHotBabes.com for any non-auto-erotic pursuits). But it is also incredibly useful for the times you want to visit a site that caches credentials locally or otherwise relies on client-side tracking, but you don't want that behavior. I do not like to leave data for Gmail, Facebook, LinkedIn etc. on my work machine, for example; I don't own it and IT can seize it at any time.
This has always been a problem, practically since the dawn of computing. That problem is: leaving trash everywhere.
And this is as much a real-life problem as it is a problem in the computing space. Have you ever seen a developer's work area? There's garbage everywhere - empty Hot Pocket boxes, empty cans of Red Bull, crusty Kleenex all over the floor from late-night fap sessions to animated hentai porn, and so on. Is it any wonder that these poor real-life hygiene habits make it into the code they write?
No developer I've ever had the misfortune of working with has ever cared about cleaning up resources after they are used.
Yeah. Your GPU was not designed with security of the information stored in it in mind. It was designed to play video games and a few other things, and it's not a big deal if a few of your game textures leak, if it means the GPU can be slightly faster at managing its memory. The responsibility should be Chrome's to clear out its GPU memory in incognito mode after it's done using it.
> Chrome's to clear out its GPU memory in incognito mode after it's done using it.
The driver manages the GPU memory and there is no particular reason to assume that if Chrome did that it would actually write to the same RAM location that had the sensitive data and not some other random memory area it was assigned temporarily.
Thus the calls for Chrome to fix it are nonsense. Yes, it might work. But it might break any time with a driver update. This needs to be in the drivers.
The discussion and arguments aren't really any different than for kernel-allocated memory for the CPU.
The GPU memory is not handled by the OS, it runs on a separate piece of hardware, a full computer system if you allow, that does not run an OS by itself.
The NUMA API for using nVidia cards for GPGPU operations is quite simple and straightforward; when requesting memory, it allocates a chunk; when releasing it, it's just marked as "not yours anymore". Due to the massively parallel programming model, there is even some *value* in not clearing it, as for algorithmic iterations sometimes you can save the cost of populating and freeing memory blocks if you know you will get the same pieces of RAM (or if it does not really matter, and each algorithmic pass can work exclusively on a given set of data until a certain point has been reached — think i.e. symmetric encryption schemes).
Due to ever more intelligent C compilers (and of course higher-level constructs) we have got used to memory being zeroed out on assignation, but AFAICT no standard mandates that. I would place the burden of cleaning the memory on the *initialization* of the new application. After all, be it pr0n or just random flipped bits, Diablo looks bad by starting with the display of digital noise.
I don't think it should be *too much* of a concern for Chrome cleaning up before closing a tab. Yes, there is a certain thing about it being "incognito mode" that should be honored, and –as a special case– it *should* ensure to clean up its act. But the main fault I'd say is at Diablo.
It used to be that the programmer was responsible for clearing sensitive data out of general-purpose memory to ensure that no other process got access to the data. It didn't work out very well. Now, the OS is responsible for clearing out memory prior to handing it to another process. It doesn't really make sense to have every application do something that could be implemented one time, correctly, in the operating system.
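The three positions in the thread (clear in the driver or OS on allocation, have the application scrub before release, or do nothing and let the next owner see stale data) can be made concrete with a small model. The following C program is an added example and is not code from the Slashdot thread, from Nvidia, or from Chrome: it implements a hypothetical fixed-size buffer pool whose release path only marks a block "not yours anymore", then measures how much of a previous owner's data the next allocation can read under each policy. The pool, its policy names and the `secure_wipe` helper are all assumptions made for illustration; the "secret" string is constructed sample data.

```c
/* Added example (not from the Slashdot thread): a toy buffer pool that
 * mimics an allocator which only marks released blocks as free, so the
 * next allocation can see the previous owner's data. Two fixes are shown:
 * zero-on-allocate inside the pool (the "driver/OS" fix) and a scrub
 * before release by the client (the "application" fix). All names here
 * are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_BLOCKS 4
#define BLOCK_BYTES 64

/* Fixed-size blocks, as a simple model of a driver-owned memory pool. */
static uint8_t pool_mem[POOL_BLOCKS][BLOCK_BYTES];
static bool pool_used[POOL_BLOCKS];

/* Allocation policy: the naive pool hands blocks out as-is; the hardened
 * one clears them first (what an OS does with CPU pages). */
typedef enum { POOL_NAIVE, POOL_ZERO_ON_ALLOC } pool_policy;

static void pool_reset(void) {
    memset(pool_mem, 0, sizeof pool_mem);
    memset(pool_used, 0, sizeof pool_used);
}

/* Returns the lowest free block, or NULL if the pool is exhausted. */
static uint8_t *pool_alloc(pool_policy policy) {
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (!pool_used[i]) {
            pool_used[i] = true;
            if (policy == POOL_ZERO_ON_ALLOC)
                memset(pool_mem[i], 0, BLOCK_BYTES);
            return pool_mem[i];
        }
    }
    return NULL;
}

/* Release only flips the flag: the bytes stay exactly as the owner left them. */
static void pool_free(uint8_t *block) {
    for (int i = 0; i < POOL_BLOCKS; i++)
        if (pool_mem[i] == block) pool_used[i] = false;
}

/* Scrub through a volatile pointer so the compiler cannot drop the stores
 * as "dead" writes to memory that is about to be released. */
static void secure_wipe(uint8_t *p, size_t n) {
    volatile uint8_t *vp = p;
    while (n--) *vp++ = 0;
}

/* One "session": write a secret into a block, then release it, optionally
 * scrubbing first. The next allocation shows whether the secret survived. */
static void run_session(pool_policy policy, bool client_scrubs, const char *secret) {
    uint8_t *buf = pool_alloc(policy);
    memcpy(buf, secret, strlen(secret) + 1);
    if (client_scrubs) secure_wipe(buf, BLOCK_BYTES);
    pool_free(buf);
}

/* Count how many bytes of the constructed secret are still readable in the
 * block handed to the next allocator client. */
static size_t leaked_bytes(pool_policy policy, bool client_scrubs) {
    const char *secret = "incognito-frame-pixels";   /* constructed sample data */
    pool_reset();
    run_session(policy, client_scrubs, secret);
    uint8_t *next = pool_alloc(policy);              /* a different "app" now */
    size_t n = 0;
    for (size_t i = 0; i < strlen(secret); i++)
        if (next[i] == (uint8_t)secret[i]) n++;
    pool_free(next);
    return n;
}

int main(void) {
    printf("naive pool, no scrub:      %zu bytes leaked\n", leaked_bytes(POOL_NAIVE, false));
    printf("zero-on-alloc pool:        %zu bytes leaked\n", leaked_bytes(POOL_ZERO_ON_ALLOC, false));
    printf("naive pool, client scrubs: %zu bytes leaked\n", leaked_bytes(POOL_NAIVE, true));
    return 0;
}
```

Either fix alone stops the leak in this model, which matches the thread's point that the two are not mutually exclusive: the allocator-side zeroing is the one an application cannot be bypassed by, while the client-side scrub only helps if the scrub actually reaches the memory the driver later reuses, and only if the compiler does not optimise the stores away (hence the volatile pointer rather than a plain `memset` before free).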