Vulnerability in NVIDIA Binary Drivers for Linux
- Thread starter phisrow
- Start date
Holy sh1t, it's remotely exploitable.
A f-ing remote root exploit because of your video drivers.? How pathetic.
Umm.. that's a bit of a understatement. Thank god I got rid of my nvidia card a while ago..
A f-ing remote root exploit because of your video drivers.? How pathetic.
Umm.. that's a bit of a understatement. Thank god I got rid of my nvidia card a while ago..
cleverhandle
Diamond Member
- Dec 17, 2001
- 3,566
- 3
- 81
It's not exactly clear to what extent that's true. If you're in the habit of allowing remote X sessions on your screen from random passers-by on the Internet, then yeah, you have a problem (probably many problems). But from what I can tell, the worst that will happen for normal people is that Firefox would crash. The advisory suggests provocatively that some malicious Flash or Java rendering could do something more than that, but advisories love to make bold statements to draw more eyeballs.
Still ugly, though, I'm not denying that.
That's pretty bad. At least I'm running the betas though. I wish us linux users would have a shinning beacon to go to when it comes to graphics cards...
Not exactly shining.. A little bit dull with aluminum paint on it to make it look sorta shiny.. and it has a small bit of blob smeared on it (which you can safely ignore with no loss of functionality) is the Intel graphics drivers.
The onboard graphics systems aviable with the Intel 945g motherboards provide adiquate 3d performance for most open source video games and aiglx/compiz should present no problem. Fully supported by open source DRI drivers.
The next up is the GMA 3000 and GMA X3000 provided by new Intel motherboards. They are new though and I don't know of their true performance. The windows drivers perform horribly, being out performed by the GMA950 from the 945g. But that is blamed due to lack of support for the new x3000 features. I've seen a benchmark posted to somebody's blog that showed performance on par with mid/low range descrite cards with ut2004 on Linux. So these things may end up being a turkey or not. It's new stuff from Intel so you know how that goes sometimes.
'NV' is funny.
It would work fine if it wasn't for the fact that the developer for it didn't intentionally make it impossible for anybody else to read or patch by obsoficating the code. Otherwise it's problems would of been fixed long ago...
See happy fun fun.
"source obfuscation as forced by NVIDIA"
http://cvsweb.xfree86.org/cvsweb/xc/pro...r.c?hideattic=0&only_with_tag=xf-3_3_3
See the diffs. They are hilarious. They basicly removed all comments and descriptive variable names. They even replaced all the 'TRUE' with '1'
It would work fine if it wasn't for the fact that the developer for it didn't intentionally make it impossible for anybody else to read or patch by obsoficating the code. Otherwise it's problems would of been fixed long ago...
See happy fun fun.
"source obfuscation as forced by NVIDIA"
http://cvsweb.xfree86.org/cvsweb/xc/pro...r.c?hideattic=0&only_with_tag=xf-3_3_3
See the diffs. They are hilarious. They basicly removed all comments and descriptive variable names. They even replaced all the 'TRUE' with '1'
that's great and all, but where exactly do i get an add-in video card with reasonable performance that actually has decent open source opengl support? the only ones that comes to mind are the radeon 8500/9200. and the open source drivers for those lag behind ati's pathetic binary drivers.
i think it's because nvidia objected to well documented code so as not to reveal too much "intellectual property". well my geforce fx5200 is the last nvidia card i buy
The answer is you don't. This is why I am now running a Intel cpu rather then a AMD. AMD cpus are better, but OSS support for Nvidia and ATI motherboards are s**t. And Via boards are now almost non-existant it seems.
Intel the stuff works mostly out of the box. With very new boards (965 stuff) you will probably have some problems, but it's just because the drivers are very new. The sound works. The SATA cards work. The ethernet works. Everything works. Even power management stuff and sensors stuff worked for me with no editing of files and such.
The only choice for open source drivers for adiquate performance is:
R200 DRI drivers for 8500 - 9250 AGP cards (8500 is fastest, the 9xxx were more a budget thing)
R300 DRI drivers for R3xx and R4xx cards. Anything newer then the 9250 and any of the 'X' cards with numbers less then 1000. For example the X850 is supported, but the X1300 is a R500 and is not. Some onboard stuff with 'hyper memory' shared memory things don't work. The 9800 may have lock up issues. But otherwise they are decent.
Intel GMA stuff. The 9xx motherboards. The earlier 855 motherboards had 'Extreme Blaster' and 'Extreme Blaster 2' stuff which sucked when new.
I have a GMA 950 and a ATI x800 PCIe card and both work acceptably well. The x800 is very slow with DRI drivers compared to Windows. It's about 50-75% the performance of the ATI propriatory drivers. It's not spectacular (a understatement), but it's stable.
http://www.phoronix.com/scan.php?page=article&item=560&num=1
P.S. The open source R200 drivers totally kick the ass out of ATI's binary-only drivers since now ATI has dropped support for them. (also performance is now up to what the propriatory drivers offer anyways) Pretty soon the open source drivers will be the only solution for those.
Also I'd like to say (for anybody who may not know)
DO NOT buy ATI cards if your planing on using Linux systems with your machines at any point and you want better performance then what the reverse engineered drivers offer.
If your going to use propriatory drivers then the ONLY solution for Linux high-performance 3d graphics is Nvidia.
Hopefully AMD can impress on ATI the need to support open source drivers, but I am beginning to seriously doubt that is ever going to happen.
DO NOT buy ATI cards if your planing on using Linux systems with your machines at any point and you want better performance then what the reverse engineered drivers offer.
If your going to use propriatory drivers then the ONLY solution for Linux high-performance 3d graphics is Nvidia.
Hopefully AMD can impress on ATI the need to support open source drivers, but I am beginning to seriously doubt that is ever going to happen.
sourceninja
Diamond Member
- Mar 8, 2005
- 8,805
- 65
- 91
well considuring the report says it's a problem with how the driver handles glyph acceleration that anything that displays text from anything is a potential problem. Remote X can be disabled completely and still not stop a remote attack. They have to trick you in displaying specially crafted text stuff.
It'll probably require some sort of something that displays corrupted text in a correct manner to trigger the bug, but theoreticly it seems possible. If it's possible to reliably crash a browser using this stuff then that is a kernel bug crashing the browser and not a browser itself. So that means you are causing the buffer to overflow and writting random bits to places in memory it shouldn't.
So although I suppose it would be hard to setup a javascript client to inject shell code into a vunerable system I expect it wouldn't be to hard, relatively, to do a DOS and crash Linux boxes visiting certain websites.
You mean exploits, unsupported hardware, and a company that wants to keep me in the dark about the hardware I purchased? Darn. Too bad.
CLUSTERFSCK!!!
I look at closed hardware and closed drivers as one enormous (perhaps intentional) miscommunication: not only will no one tell us what we want to know, they won't tell us with any specificity why they won't tell us. AFAIK, no representative of any hardware company has ever given rational and definite economic or legal arguments as to why they will neither open up their drivers nor open up their hardware interface (and if they have, it's not well-known enough for me to know about it); it's as if they are under some kind of double-secret confidentiality... I mean, I know a business has to have certain information remain confidential, but this is just ridiculous.
I look at closed hardware and closed drivers as one enormous (perhaps intentional) miscommunication: not only will no one tell us what we want to know, they won't tell us with any specificity why they won't tell us. AFAIK, no representative of any hardware company has ever given rational and definite economic or legal arguments as to why they will neither open up their drivers nor open up their hardware interface (and if they have, it's not well-known enough for me to know about it); it's as if they are under some kind of double-secret confidentiality... I mean, I know a business has to have certain information remain confidential, but this is just ridiculous.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter