Root Exploit For NVIDIA Closed-Source Linux Driver 548
possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."
Intel Open Source Graphics Driver (Score:2, Interesting)
HW makers should produce multiple drivers (Score:5, Interesting)
A high-performance, possibly proprietary, specification that gives them a definate edge over their competitors. If they want to ship binary-only drivers that's fine.
A possibly-lesser-performance specification that does "the basics" - everything a typical device of its type can do. This specification should be public, preferably with open-source drivers. Even without drivers, those who need to can write drivers from the specification. For a high-end video card, this should be everything that a low- or medium-end card could do. For an all-in-one printer, this should include basic full-color printing at "typical for its technology" resolutions, basic full-color scanning at "typical for its technology" resolutions, and b&w and color faxing. For a high-end sound card, this should include at least 2-channel sound. For a communications device, it should include all internationally-accepted standards that the device supports, but need not include the most efficient or highest-performance embodiment of those standards.
Most important is full disclosure:
Any device that doesn't provide a full, published specification of "everything" must disclose the limits of the published specifications, so buyers will know exactly what they are buying: a device that, should problems be found with the drivers, or when used with operating systems without supported drivers, is limited to a specified downgraded functionality.
Re:useless suggestion (Score:2, Interesting)
Re:useless suggestion (Score:1, Interesting)
If it was OSS it would already be patched.
Re:Open vs. Closed yet again... (Score:2, Interesting)
Re:Allowed? (Score:3, Interesting)
We're talking about a graphics driver here. It pretty much has to execute in kernel mode. you know, where you can do anything you want on the system? Sure, we could have a userspace graphics driver, but it would still need a kernel mode driver stub and it would be substantially slower, which is not really an option for most people.
With the current design of the Linux kernel + userspace, I agree, but I'm unconvinced that that has to be the case. I see inherent stumbling blocks to untrusted video drivers, but nothing that truly prevents them from running in an untrusted mode that does not present the same level of risk. I'm not, however, competent to judge the difficulty of such an enterprise and weigh it against the amount of real benefit to the end user.
Re:Open vs. Closed yet again... (Score:3, Interesting)
Re:useless suggestion (Score:3, Interesting)
Re:It ain't too serious. (Score:1, Interesting)
None of you dickheads know what you are on about.. (Score:3, Interesting)
And for the record, X11 drivers run in userland, as root so they can access hardware ports directly. There's no real reason for them to require root, except that allowing any process to access hardware ports will undermine the security and stability of the system. What you could do is use capabilities to give X11 the ability to access particular hardware ports directly and run it as a regular user instead of root. As long as only root can assign the capabilities you'll be fine.
It's only sort of a remote exploit (Score:3, Interesting)
So we have three possible routes to privilege escalation. One, the person already has shell access. This is rather rare these days. In any case, you can restrict access to X to only those people you trust or can hold accountable. Two, a remote X client. Who allows remote X connections these days? Require shell access with X connection tunneling through SSH and see #1, above.
Three, you are running an X based web browser and visit a malicious web page. Okay, to prove this is not an issue, let me quote from the article again:
Okay, to work, the exploit needs to provide glyph data to be rendered. From the sound of it, without being able to supply arbitrary glyph data, the best that an attacker can accomplish is a DoS for as long as you are visiting that site. So, practice safe browsing, turn off embedded fonts, Flash, and Java for untrusted sites.
I am predicting that this exploit will not affect many people.