
Proprietary Nvidia Linux Driver Contains Privilege Escalation Hole

Posted by Unknown Lamer
from the rms-gazes-upon-you-smugly dept.
An anonymous reader writes "The Nvidia binary driver has been exploited by an anonymous hacker, who reported it to Nvidia months ago and it was never fixed. Now the exploit was made public." The one releasing the exploit (relayed to him anonymously) is David Airlie, well known X hacker. The bug lets the attacker write to any part of memory on the system by shifting the VGA window; the attached exploit uses this to attain superuser privileges. It appears that this has been known to Nvidia for at least a month.
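The mechanism in the summary, as an added example that is not code from the Nvidia driver or from the published exploit: a C model of a kernel driver that lets userspace slide a fixed-size "VGA window" over physical memory by programming its base, with the unchecked form beside a bounds-checked one. Physical memory is a simulated array, the device aperture range, the credential location and every identifier are constructed for the illustration, and the page does not say what the real exploit overwrote; zeroing a uid is only a stand-in for "write to any part of memory".

```c
/* Added example, not code from the Nvidia driver or the published exploit.
 * Models the bug class: a driver exposes a movable window over physical
 * memory and never checks where the window lands. All names and addresses
 * are hypothetical; phys_mem stands in for real RAM. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE      4096u
#define PHYS_PAGES     128u                   /* simulated 512 KiB of RAM */
#define PHYS_SIZE      (PHYS_PAGES * PAGE_SIZE)
#define WINDOW_SIZE    (16u * PAGE_SIZE)      /* 64 KiB, the legacy VGA window size */

/* Hypothetical: the only physical range the device legitimately needs to
 * expose through the window (for instance its own framebuffer pages). */
#define APERTURE_BASE  (64u * PAGE_SIZE)
#define APERTURE_SIZE  (32u * PAGE_SIZE)

/* Constructed kernel data outside the aperture: a credential whose uid
 * field an attacker would want to zero. */
#define CRED_UID_ADDR  (4u * PAGE_SIZE + 0x40)

static uint8_t phys_mem[PHYS_SIZE];

struct vga_window { uint32_t base; };

/* Vulnerable variant: trusts whatever base userspace supplied. */
static int set_window_unchecked(struct vga_window *w, uint32_t base)
{
    w->base = base;
    return 0;
}

/* Hardened variant: the whole window must lie inside the device aperture.
 * The upper bound is computed from constants so it cannot wrap the way
 * `base + WINDOW_SIZE` would for a base near 0xFFFFFFFF. */
static int set_window_checked(struct vga_window *w, uint32_t base)
{
    if (base % PAGE_SIZE != 0)
        return -1;
    if (base < APERTURE_BASE)
        return -1;
    if (base > APERTURE_BASE + APERTURE_SIZE - WINDOW_SIZE)
        return -1;
    w->base = base;
    return 0;
}

/* Convenience wrapper so callers can probe the check without a struct. */
static int try_base(uint32_t base)
{
    struct vga_window w = { .base = 0 };
    return set_window_checked(&w, base);
}

/* A write through the window. The offset is bounded to the window, but the
 * base decides which physical page is hit. The PHYS_SIZE check only keeps
 * the simulation inside its array; real hardware has no such net. */
static int window_write(const struct vga_window *w, uint32_t off,
                        const void *src, size_t len)
{
    if (off >= WINDOW_SIZE || len > WINDOW_SIZE - off)
        return -1;
    uint64_t addr = (uint64_t)w->base + off;
    if (addr + len > PHYS_SIZE)
        return -1;
    memcpy(&phys_mem[addr], src, len);
    return 0;
}

static void reset_memory(void)
{
    uint32_t uid = 1000;  /* constructed: an unprivileged user's credential */
    memset(phys_mem, 0, sizeof phys_mem);
    memcpy(&phys_mem[CRED_UID_ADDR], &uid, sizeof uid);
}

static uint32_t read_uid(void)
{
    uint32_t uid;
    memcpy(&uid, &phys_mem[CRED_UID_ADDR], sizeof uid);
    return uid;
}

/* Slide the window over the page holding the credential and zero the uid.
 * Returns the uid afterwards: 0 if the write landed, 1000 if it was refused. */
static uint32_t attack(bool hardened)
{
    struct vga_window w = { .base = APERTURE_BASE };
    uint32_t page = CRED_UID_ADDR & ~(PAGE_SIZE - 1);
    uint32_t zero = 0;

    reset_memory();
    int rc = hardened ? set_window_checked(&w, page)
                      : set_window_unchecked(&w, page);
    if (rc == 0)
        window_write(&w, CRED_UID_ADDR - page, &zero, sizeof zero);
    return read_uid();
}

int main(void)
{
    printf("unchecked driver: uid after attack = %u\n", attack(false));
    printf("checked driver:   uid after attack = %u\n", attack(true));
    return 0;
}
```

The point of the hardened variant is that the check sits on the register write itself, not on the "intended" path through the graphics stack: once userspace can reach the base register, anything the driver does not reject at that point is reachable. Note also the wraparound case; a check written as `base + WINDOW_SIZE <= limit` accepts a base of 0xFFFFF000 on a 32-bit register.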
  • by Nerdfest (867930) on Wednesday August 01, 2012 @01:38PM (#40845027)

    I'd like to say that this would not have happened with an open source driver, but that's not necessarily true. It would almost definitely have been patched by now though.

  • by Anonymous Coward on Wednesday August 01, 2012 @01:47PM (#40845187)

    Maybe people need to stop being apologists for this kind of thing...

    Companies don't just hand out the email address for the head of their SW development division; maybe if they did we could let the right people know. I emailed a random Joe when I found an issue with a site, and it got escalated up and it got fixed.

    Maybe if Nvidia had better quality random Joes, when this sort of stuff did pass by them it would get escalated and not deleted.

  • by Jerry Atrick (2461566) on Wednesday August 01, 2012 @01:49PM (#40845215)

    Nvidia are just serial fuckups. Wasted half my Saturday trying to find a driver release that would work on my wife's Kubuntu 11 PC. Eventually gave in and upgraded to 12.04 instead of manually erasing the broken install yet again... to find another fscking broken driver and no X. These idiots are completely incompetent and simply don't respond to error reports or much of anything else from ordinary users.

    Nvidia, still haven't forgotten all the accelerated functions in your chipsets that gradually got turned off as drivers updated, because the hardware was rotten to the core and couldn't be made to work. Or the ongoing multi-year saga of begging for working PAL TV support, all of it falling on deaf ears. Or the magically vanished TV out support when Vista shipped.

    Frankly a root exploit is one of their lesser sins.

  • by causality (777677) on Wednesday August 01, 2012 @02:13PM (#40845681)
    Removing that is further complicated by wanting to retain compatibility with older video standards (CGA, EGA).

    ... that nobody uses anymore, at least not with PC hardware.
  • by Anonymous Coward on Wednesday August 01, 2012 @02:13PM (#40845683)

    Is this due to a very old code base in the windows driver, and the driver code being shared between both linux and windows? Compatibility makes sense if you are running DOS or allowing DOS apps to function (or maybe 16-bit windows). But I very much doubt Monochrome, CGA, EGA, and some of the old VGA standard works at all in modern windows, and definitely not in linux.

    This should never have been exposed to the user in linux and hopefully not in windows either. And if compatibility is a concern, then it should be through emulation and a protected path if hardware access is useful.

  • by Anonymous Coward on Wednesday August 01, 2012 @02:23PM (#40845855)

    Seriously? This is the kind of shit that makes people hate us Linux users. "Oh, you had a problem? Should have used $MY_FAVORITE_DISTRO then it would have worked! (Unless it still didn't, but let's just ignore that possibility so I can be a smug bastard.)"

  • One of many (Score:5, Insightful)

    by jandrese (485) <kensama@vt.edu> on Wednesday August 01, 2012 @02:32PM (#40845991) Homepage Journal
    The graphics driver is both monstrously large and operates at a very low level, there are going to be tons and tons of security problems with it when people start seriously looking at it. As John Carmack put it: I agree with Microsoft's assessment that WebGL is a severe security risk. The gfx driver culture is not the culture of security.
  • by fuzzyfuzzyfungus (1223518) on Wednesday August 01, 2012 @02:39PM (#40846107) Journal

    Somebody should probably tell Nvidia that a driver that enables arbitrary memory read/write could probably be used as a DRM circumvention mechanism if targeted at a 'protected' program rather than the kernel. That might actually get them to fix it...

  • by Tapewolf (1639955) on Wednesday August 01, 2012 @02:55PM (#40846391)

    Use Windows and you don't get Linux malware. True story, mod +5 true accordingly.

    Since Nvidia's drivers share a large amount of common code, I'd say it's only a matter of time.

  • Re:Hoooo boy... (Score:5, Insightful)

    by Anonymous Coward on Wednesday August 01, 2012 @03:23PM (#40846825)

    Correct. That's why I choose AMD.

    Not that they're that much better, but at least they tried to.

  • by greg1104 (461138) <gsmith@gregsmith.com> on Wednesday August 01, 2012 @03:28PM (#40846931) Homepage

    VGA works fine in Windows and in Linux. See Linux framebuffer [wikipedia.org] as a relatively modern implementation. (I say relatively modern because I'd been using Linux for a long time before it was added, and it's new compared to things like X-Windows) PC hardware is certainly not so abstracted away by useful APIs that the drivers can ignore this level of detail, to be protected from them. Manipulating this sort of thing is exactly what a driver is written to do.

    Your suggestion that this shouldn't have been exposed to the user is missing the point: this is an exploit. The driver itself needs to know all these details to properly initialize itself and support old-school text/VGA modes during boot. The user was likely never intended to have access to them, but an exploit isn't limited to what the user is supposed to do. Whether or not the path is protected or not is irrelevant if the path is bypassed.

  • by Nerdfest (867930) on Wednesday August 01, 2012 @03:41PM (#40847133)

    When are we going to get all the software available prepackaged and regularly updated from the repository?

    That's a fairly half-hearted troll. Most Linux distros have package management and multi-source software repositories that make iOS, Metro, and OS X look like the limited attempts at platform lock-in that they really are.

  • Re:works here (Score:3, Insightful)

    by fnj (64210) on Wednesday August 01, 2012 @03:49PM (#40847251)

    Why not; SELinux certainly has no problem blocking anything useful from working.

  • Re:Hoooo boy... (Score:2, Insightful)

    by Anonymous Coward on Wednesday August 01, 2012 @03:50PM (#40847261)

    Nvidia's future is going to be determined almost entirely by the success or failure of the Tegra line, which will predominantly run Android. That's why Linus flipped them the bird. Nvidia, as a company, is becoming increasingly dependent upon Linux to succeed financially. Yet they are not making any effort to engage developers or the community at large.

  • by Anonymous Coward on Wednesday August 01, 2012 @04:48PM (#40848011)

    Oh, please!

    I've re-written the installers for NVidia's binary blobs and library mangling several times, and sent the fixes to NVidia. The problem is that the installer moves aside the existing OpenGL libraries and creates symlinks to their *own* proprietary libraries, and doesn't inform the local package management system of the change. So updates break it, and the installer gets very confused if you try to run it with a new installer and haven't cleared the old installer.

    Cleaning up after the resulting mess is awkward, unless someone has thoughtfully bundled it for you into some more sane package. And that's a lot of work to fix something that NVidia keeps breaking in new and creative ways with very, very bad shell scripting.

  • by causality (777677) on Wednesday August 01, 2012 @05:12PM (#40848337)

    Guess what, your computer boots right into 16-color text mode (used by the BIOS and sometimes by Windows as part of the boot sequence) using EGA colors. Not sure if that's relevant but it might be. Linux might also use something similar for its boot process and for Ctrl+Alt+Fn terminals.

    Yes. When it does that, the OS has not yet loaded. Hell, the boot loader (GRUB in my case) has not yet loaded.

    It's obviously implemented in hardware. That means it has nothing to do with the nVidia driver that my OS loads up and whether that nVidia driver supports EGA.

    So okay, I'll rephrase my previous comment from "nobody uses it" to "no one needs the nVidia driver to provide it".
