Old 11-23-09, 03:13 PM   #1
computerix
Registered User
 
Join Date: Nov 2009
Posts: 1
Default Security questions...

I'm going to buy a new laptop for linux (x86-64), and I'm currently investigating
if laptops with nvidia graphics are an option or not.

Specifically, the question is whether the nvidia driver conforms to our security guidelines:

* Statically linked kernel with no module loader is a must.
Can the nvidia driver be linked statically into the kernel,
or must it be loaded as a kernel module?

* Strict execute protection (PaX/Grsecurity) is also a must:
All stack and data segments are set to non-executable,
and all mmaps may be either writeable or executable, but never both.

* Textrels could be enabled if really necessary,
but currently they are disallowed (turned off in the kernel).

Is there any chance to meet the above criteria,
or is this impossible with the nvidia driver?
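One way to check the second criterion in the post above (no mapping both writeable and executable) against a running process is to read its /proc/<pid>/maps listing and flag every entry whose permissions contain both w and x. This is an added example, not code posted in the thread; the sample listing, including the /usr/bin/example and /dev/example0 paths, is constructed for illustration.

```python
"""Audit a /proc/<pid>/maps listing for mappings that break the W^X rule."""
import re
from typing import NamedTuple

# Constructed sample, not captured from a real system. The third and fourth
# lines are deliberately writable and executable at the same time.
SAMPLE_MAPS = """\
00400000-0040c000 r-xp 00000000 08:01 131 /usr/bin/example
0060b000-0060c000 rw-p 0000b000 08:01 131 /usr/bin/example
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a2c5d1000-7f3a2c7d1000 rwxs 00000000 00:06 1042 /dev/example0
7ffd4b1de000-7ffd4b1ff000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

def parse_maps(text):
    """Parse maps text into Mapping tuples; an unrecognised line raises ValueError."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAPS_LINE.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised maps line: {line!r}")
        out.append(Mapping(int(m[1], 16), int(m[2], 16), m[3], m[4] or "[anonymous]"))
    return out

def wx_violations(mappings):
    """Return the mappings that are writable and executable at once."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]

def executable_stack_or_heap(mappings):
    """Return stack or heap mappings that carry the execute bit."""
    return [m for m in mappings if "x" in m.perms and m.path in ("[stack]", "[heap]")]

if __name__ == "__main__":
    for m in wx_violations(parse_maps(SAMPLE_MAPS)):
        print(f"W+X {m.start:x}-{m.end:x} {m.perms} {m.path}")
```

The listing is a snapshot of current permissions, so a region that is written first and switched to executable afterwards does not show up as W+X here.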
Old 11-23-09, 04:27 PM   #2
Thunderbird
 
Join Date: Jul 2002
Location: Netherlands, Europe
Posts: 2,105
Default Re: Security questions...

The first point is already impossible to meet. The nvidia driver must be a loadable module and can't be linked into the kernel. License wise it would also not be legal since the kernel module is not licensed under the GPL.

I can't comment on the second and third points.
Old 11-24-09, 07:36 AM   #3
P.Kosunen
Registered User
 
Join Date: Jan 2009
Posts: 57
Default Re: Security questions...

You can use x.org's nv -driver.
Old 11-24-09, 09:43 AM   #4
jumjum77
Registered User
 
Join Date: Mar 2009
Posts: 13
Default Re: Security questions...

Quote:
Originally Posted by P.Kosunen
You can use x.org's nv -driver.
Yes, but then he wouldn't be able to use most of the nice features of the card.

I'd definitely go with an Intel card if I had to meet those requirements!
Old 11-24-09, 11:34 AM   #5
mooninite
Registered User
 
Join Date: May 2006
Posts: 477
Default Re: Security questions...

Quote:
Originally Posted by jumjum77
Yes, but then he wouldn't be able to use most of the nice features of the card.

I'd definitely go with an Intel card if I had to meet those requirements!
The nVidia driver doesn't comply with point number two either.

You're best off trying nouveau. If you need 3D though, you won't be using ATI or nVidia. Their binary drivers are not fully secure nor should you expect them to be when you cannot see how they work first hand.
Old 11-25-09, 08:28 AM   #6
cdrw
Registered User
 
Join Date: Mar 2006
Posts: 59
Default Re: Security questions...

shrug,
second point fixes this for you:
you will be able to run only in command line mode (NOEXEC breaks Xorg, also disabling privileged I/O breaks Xorg)

If this is a server, you don't need Xorg/nvidia
If this is desktop you don't really need these hardening options

your requirement regarding "no modules" option is silly, grsec/pax protects against loading/unloading modules after boot. If your system was infected before you installed hardened kernel, then it is too late anyway.