Go Back   nV News Forums > Linux Support Forums > NVIDIA Linux

Newegg Daily Deals

Reply
 
Thread Tools
Old 10-16-06, 06:41 PM   #1
Robster
Registered User
 
Join Date: May 2004
Location: Christchurch, New Zealand
Posts: 40
Default Apparent root hole in nVidia drivers, what to do?

Hi,

As is being widely publicised (slashdot, kerneltrap), there is a buffer overflow vulnerability in nVidia drivers prior to the 9000 series.

The Rapid7 advisory and the comment threads to the above articles are a bit full of "binary drivers are evil" crud, and not very informative about what people should be doing about it.

Running the 962(5|6) drivers is not an option, as they are beta, buggy, and not ready for everyday use. So, what does that leave? Is disabling the Render extension enough? Or should we really be running the nv driver until this is fixed?

I would also really like some better communication. Is this remotely exploitable to run code (it seems that local access is needed, and the best you can do remotely is a DOS)? Does this make another 8000-series stable driver release worthwhile, and if so, how soon could that be done? Has nVidia really known about it for 2 years without fixing it?

A frank and open discussion of this issue from nVidia would be very welcome, and would go a long way to shutting up the "open source your drivers / publish your specs" trolls. So come on nVidia, get to it!
Robster is offline   Reply With Quote
Old 10-16-06, 06:44 PM   #2
netllama
NVIDIA Corporation
 
Join Date: Dec 2004
Posts: 8,763
Default Re: Apparent root hole in nVidia drivers, what to do?

Disabling RenderAccel:
Option "RenderAccel" "False"
will serve as a workaround for those who are not comfortable with running a 1.0-962x driver.

As noted above, both 1.0-9625 & 1.0-9626 already have this vulnerability fixed.

Thanks,
Lonni
netllama is offline   Reply With Quote
Old 10-16-06, 08:34 PM   #3
ricercar
fugue master
 
ricercar's Avatar
 
Join Date: Oct 2002
Location: silicon valley
Posts: 1,603
Arrow Re: Apparent root hole in nVidia drivers, what to do?

Kudos the the fast NVIDIA response.
__________________
I used to drive a Heisenberg, but whenever I'd glance at the speedometer, I'd get lost.
ricercar is offline   Reply With Quote
Old 10-16-06, 08:37 PM   #4
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Apparent root hole in nVidia drivers, what to do?

Lonni is this bug the same thing we were seeing with Firefox crashing when visiting certain sites as referenced by the below thread?:

http://www.nvnews.net/vbulletin/show...hlight=firefox

http://www.nvnews.net/vbulletin/show...ghlight=239065 is the original thread when Lonni evidently logged the bug.

Last edited by evilghost; 10-17-06 at 02:26 PM.
evilghost is offline   Reply With Quote
Old 10-16-06, 11:21 PM   #5
cdrw
Registered User
 
Join Date: Mar 2006
Posts: 59
Default Re: Apparent root hole in nVidia drivers, what to do?

actually response was not that fast: this bug was known to nvidia since 2004, however as most distros have X remote session disabled by default, then unless you are using it, you are safe.
cdrw is offline   Reply With Quote
Old 10-17-06, 12:56 PM   #6
gsgatlin
Registered User
 
Join Date: Oct 2006
Posts: 3
Default Re: Apparent root hole in nVidia drivers, what to do?

Thanks a lot for the quick response. Pushing out changes to all my
xorg.conf files that use NVidia with that "RenderAccel" "False" option. Great work.
gsgatlin is offline   Reply With Quote
Old 10-17-06, 02:24 PM   #7
pe1chl
Registered User
 
Join Date: Aug 2003
Posts: 1,026
Default Re: Apparent root hole in nVidia drivers, what to do?

Quote:
Originally Posted by gsgatlin
Thanks a lot for the quick response. Pushing out changes to all my
xorg.conf files that use NVidia with that "RenderAccel" "False" option. Great work.
This is meant sarcastic, isn't it?
pe1chl is offline   Reply With Quote
Old 10-17-06, 04:16 PM   #8
Gumboot
Registered User
 
Join Date: Mar 2006
Posts: 14
Default Re: Apparent root hole in nVidia drivers, what to do?

Quote:
Originally Posted by pe1chl
This is meant sarcastic, isn't it?
Life isn't so hard without Render accelation. Unless you're using a lot of GTK stuff, but if you do that you obviously want to suffer.
Gumboot is offline   Reply With Quote

Old 10-17-06, 07:24 PM   #9
gsgatlin
Registered User
 
Join Date: Oct 2006
Posts: 3
Default Re: Apparent root hole in nVidia drivers, what to do?

Quote:
Originally Posted by pe1chl
This is meant sarcastic, isn't it?
Actually no.

I am not a nazi on this stuff about open source. While I think Open Source generally produces better code I also understand the patent issues, etc. that NVidia's lawyers have to deal with. I tried the program "glxgears" with the Quadro FX cards in our DELL precision 380s with Option "RenderAccel" "False" in xorg.conf and its still pretty damn fast. Doing that was easier on 300 boxes than downgrading to "nv." I am glad NVidia at least supports Linux and hopefully they will continue to do so. I didn't see a way on a red hat EL4 box how to even get the parameters the sample exploit needed without being root but I didn't spend a whole lot of time on it either...
gsgatlin is offline   Reply With Quote
Old 10-19-06, 05:01 PM   #10
Robster
Registered User
 
Join Date: May 2004
Location: Christchurch, New Zealand
Posts: 40
Default Re: Apparent root hole in nVidia drivers, what to do?

Aha!

http://www.nvnews.net/vbulletin/showthread.php?t=78521 is exactly what I was hoping to see from nVidia.

Thanks a lot guys, the speed and completeness of the response are indeed admirable.
Robster is offline   Reply With Quote
Old 10-20-06, 03:02 AM   #11
zifnab
Registered User
 
Join Date: Oct 2006
Posts: 1
Default Re: Apparent root hole in nVidia drivers, what to do?

Good. The latest stable driver has been updated.
I have a Geforce-2 card at home for which I need the legacy driver. Will this driver be updated as well?
zifnab is offline   Reply With Quote
Old 10-20-06, 03:08 AM   #12
Gumboot
Registered User
 
Join Date: Mar 2006
Posts: 14
Default Re: Apparent root hole in nVidia drivers, what to do?

Quote:
Originally Posted by Robster
http://www.nvnews.net/vbulletin/showthread.php?t=78521 is exactly what I was hoping to see from nVidia.
Brilliant. They've "released" a statement, but the page they point to requires some kind of login.
Gumboot is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
NVIDIA Drivers Receive Windows 8 Certification News Archived News Items 0 06-01-12 05:30 AM
Radeon 9700 not all that? sancheuz Other Desktop Graphics Cards 200 10-12-02 09:31 PM
Nvidia Stereo Drivers Soudontsay NVIDIA Windows Graphics Drivers 2 08-26-02 10:48 AM
nvidia drivers in a motherboard with AGP 1.0 (motherboard MVP3+) knocker NVIDIA Linux 1 08-19-02 01:57 AM
NVIDIA 2960 Drivers & RH 7.3 W/2.4.18-5 XASCompuGuy NVIDIA Linux 6 08-02-02 11:53 AM

All times are GMT -5. The time now is 03:21 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.