
Root Exploit For NVIDIA Closed-Source Linux Driver

kdawson posted more than 7 years ago | from the dangerous-blobs dept.


possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."


548 comments


useless suggestion (4, Insightful)

pe1chl (90186) | more than 7 years ago | (#16459049)

Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

This is as useless as suggesting "Install Linux" when a Windows vulnerability has been found!

Re:useless suggestion (5, Funny)

Anonymous Coward | more than 7 years ago | (#16459089)

stfu. Say first post next time like normal people.

Re:useless suggestion (0, Insightful)

Anonymous Coward | more than 7 years ago | (#16459115)

Yeah, because having drop shadows on your metacity windows is a make or break feature.

Re:useless suggestion (0, Troll)

Geekboy(Wizard) (87906) | more than 7 years ago | (#16459135)

how is it useless? you're being encouraged to use open source software for your drivers. you know, the version WITHOUT root exploits.

Re:useless suggestion (4, Insightful)

jandrese (485) | more than 7 years ago | (#16459213)

It's also the version without GL support. Without GL support you might as well have a Mach64 in there.

Re:useless suggestion (3, Funny)

Anonymous Coward | more than 7 years ago | (#16459497)

Ironically, the mach64 driver is not built by default because it also has security issues

Quite useless. (2, Insightful)

Anonymous Coward | more than 7 years ago | (#16459217)

Also the ones without openGL performance. Remind me why I bought a high-performance 3D card again.

Re:useless suggestion (1)

spyfrog (552673) | more than 7 years ago | (#16459307)

You mean the driver that doesn't support the 3D functions of the graphic card and because of this is more or less useless?

Re:useless suggestion (1, Insightful)

IAmTheDave (746256) | more than 7 years ago | (#16459339)

Because a goodly number of people would prefer this headline be changed from

"Root Exploit For NVIDIA Closed-Source Linux Driver"

to

"Root Exploit For NVIDIA Linux Driver"

I'm personally tired of this over-zealous open-source push. Nvidia is a closed-source company, but they make good products. Stop villainizing Nvidia and evangelizing this open-source madness to everyone. I use Linux (Arch distro - go Arch!) and the hated "closed-source" driver from NVidia because THEY make their cards and THEY make the best drivers for them.

Anyone worried about open-source to this degree, just don't buy an NVidia card already. Trade secrets are money makers, and you can't definitively say that opening their source wouldn't give away some trade secrets or algorithms that keep NVidia at the cutting edge of video card production. If they took out those algorithms to appease a super-minority of NVidia card users, their card would perform sub-par.

I really can't believe this whole thing gets so much play.

Re:useless suggestion (1, Interesting)

AvitarX (172628) | more than 7 years ago | (#16459451)

Best driver if you are not worried about a buffer overflow leading to a root exploit.

If it was OSS it would already be patched.

Re:useless suggestion (0, Insightful)

Schraegstrichpunkt (931443) | more than 7 years ago | (#16459511)

News flash: This wouldn't have happened in an open-source driver:

NVIDIA has known about this bug in their binary driver for some time, "the link in the advisory is the earliest thread in which we could find an NVIDIA employee publicly acknowledging the bug, although it was reported back in 2004 and has probably existed even longer."

Re:useless suggestion (5, Insightful)

MoxFulder (159829) | more than 7 years ago | (#16459675)

I'm personally tired of this over-zealous open-source push. Nvidia is a closed-source company, but they make good products. Stop villainizing Nvidia and evangelizing this open-source madness to everyone. I use Linux (Arch distro - go Arch!) and the hated "closed-source" driver from NVidia because THEY make their cards and THEY make the best drivers for them.


As far as I'm concerned, if you're a potential customer, a company damn well ought to listen to you if they want to sell their products. Open-source drivers are a feature that a lot of users want, whether to use cards on other architectures, to fix bugs sooner, to improve their performance, to audit them for use in security-sensitive deployments, etc.

Lots of users would *LOVE* to punish NVidia for not responding to their desire for open-source drivers, but they really can't... there's no good alternative. ATI drivers are closed-source as well, and that's the only other big player in 3D graphics cards. Now Intel has come out with actual real-live open-source drivers for their 3D graphics cards, and there's been a chorus of folks planning to switch over to them (even though they're rather underpowered compared to the NVidia cards).

NVidia may make pretty good drivers, but I bet they could be made a whole lot better and more versatile by open-sourcing them. I've encountered 4 or 5 NVidia driver bugs on my AMD64 box, and have NEVER found any bug in any other non-experimental open-source Linux device driver.

Re:useless suggestion (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16459623)

Hey, let's play "Name That Fallacy!"

You're being encouraged to give all of your money to charities. You know, the people who REALLY need the money.

You can't honestly argue that you're the poorest person in the world, can you? Certainly, there's no denying that SOMEBODY needs your money more than you do!

What say, hmm?

What's that? People

(sigh)

Perhaps try asking yourself why nVidia even bothers making closed source drivers, since it seems apparent to you that the open source ones are much better and more secure. I mean, do you think Satan himself was born incarnate as a kernel developer for the sole purpose of heartlessly "inventing" the "closed source driver"? Or do you suppose it's a human phenomenon, and there's actually some reason and/or purpose behind it?

If you don't need the extra functionality/performance of the proprietary nVidia drivers, you probably aren't using them to begin with. There's corporate distros (Novell and RHEL), which come with the proprietary drivers... they probably already have patches for this. Then there's the free distros that probably most people on here use on the machines with the nVidia 3D cards: Ubuntu, OpenSuSE, Fedora Core, Mandrwhatever, etc. These generally install open source drivers out of the box. Since you actually have to work to get the proprietary ones to work right (3D and all), it's likely that the people who use them probably need them.

how is it useless?

You can see, then, how suggesting that people simply switch back to the OSS ones is truly "useless".

Why can't the world be as obvious to everyone as it is to me? Or are you just trying to be aggravating/obnoxious?

Re:useless suggestion (1)

Azarael (896715) | more than 7 years ago | (#16459171)

At least there is a way to avoid the problem. Half the time I can't be even bothered to install the driver and get X reconfigured properly. It is concerning to see that it can be exploited through a remote website though (according to Rapid7).

Re:useless suggestion (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16459179)

So... not useless at all then. Seriously, get over yourselves you windoze twats - _you_ chose to run an "operating" system that people who know what they are talking about have been telling you outright not to use for years now. Do you think it's clever? You're like toddlers refusing to learn how to read and thinking you've got one up on the growed-ups by doing so.

Re:useless suggestion (1)

HuckleCom (690630) | more than 7 years ago | (#16459205)

I can see this kind of activity threatening linux drivers as we know it. It's hard enough to get hardware companies to make compatible drivers, this just adds another incentive not to develop them at their already-slow enough pace.

Re:useless suggestion (1)

renoX (11677) | more than 7 years ago | (#16459275)

I fully agree since the open source nv driver didn't work for my GeForce6600 (Kubuntu 6.06TS).

As an aside, I wonder why there isn't some kind of 'backup X' configuration with the vesa driver for those who have a problem with their driver?
At first I made a mistake and used fbdriver instead of the vesa driver trying to have X running to be able to use a web browser to get the closed source driver, this was frustrating, especially as Kubuntu starts with some kind of image during the boot, so I knew that it was possible to have X running, but finding how wasn't fun: Kubuntu (and Linux distrib in general) still lack polish..

Re:useless suggestion (1)

drinkypoo (153816) | more than 7 years ago | (#16459351)

As an aside, I wonder why there isn't some kind of 'backup X' configuration with the vesa driver for those who have a problem with their driver?

There is. It's called creating a simple config with the vesa driver. All servers look in the same place for their config file by default so there's not any good way to do this beyond providing you with a config file that will give you a failsafe. The X server can't be counted on to detect if its output is what it ought to be, so there's no automated way it could reasonably be handled.

Re:useless suggestion (1, Interesting)

Caligari (180276) | more than 7 years ago | (#16459315)

Seeing as there is no source code, and NVidia do not appear to have released a fix, using the Open Source X driver appears to be the only viable solution. Do you have a better suggestion? You are at the mercy of your proprietary vendor.

Re:better suggestion (4, Funny)

Psykechan (255694) | more than 7 years ago | (#16459575)

Do you have a better suggestion?

Well duh! Our only course of action is to bitch about it on /.

Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".

Re:better suggestion (0, Troll)

Sqwubbsy (723014) | more than 7 years ago | (#16459687)

Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".

So what are you? A Linux+ATI fan? w00t - you finally get to hit back. So now the nVidia folks know what it's like to run Linux without 3D support.

Boy, you showed them, tough guy.

Re:useless suggestion (1)

Vellmont (569020) | more than 7 years ago | (#16459435)


This is as useless as suggesting "Install Linux" when a Windows vulnerability has been found!

Not really. You assume that this is somehow incredibly difficult. In actuality the difficult part has already been done. That happened when the end user installed the binary only nVidia driver. Going back to the driver supplied by the distribution should be easy by comparison.

Sure you're not going to get the 3-D performance benefits, but you'll at least not get your machine rooted.

Re:useless suggestion (5, Informative)

JensenDied (1009293) | more than 7 years ago | (#16459483)

FTFA
NVIDIA released the 1.0-9625
Comment posted by Anonymous (not verified) on Monday, October 16, 2006 - 13:22

NVIDIA released the 1.0-9625 driver which fixes this bug last month: http://www.nzone.com/object/nzone_downloads_rel70betadriver.html [nzone.com]

It's a bit ironic how these Rapid7 guys are foaming at the mouth about NVIDIA's awareness of the issue when Rapid7 wasn't even aware that it's been fixed for weeks now.

I couldn't agree more. (1)

robyannetta (820243) | more than 7 years ago | (#16459067)

"This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux."

This is why I always said that all software for a FOSS operating system should be just that... OPEN.

Re:I couldn't agree more. (1)

eln (21727) | more than 7 years ago | (#16459429)

Requiring that software must be open source in order to run on Linux would pretty much kill Linux in the business world. While that may be acceptable to you, it probably isn't acceptable to the many thousands of people who have either invested heavily in Linux on the business side or who make a living supporting and/or coding for Linux.

Re:I couldn't agree more. (1)

Ossifer (703813) | more than 7 years ago | (#16459581)

This is why I always said that all software for a FOSS operating system should be just that... OPEN.
Shouldn't this rather be a matter of choice for the user (i.e. system installer/admin)? If I want to muck about with my system, potentially causing myself damage in the process, why do you want to stop me?

The Linux community gains more from individual freedom than from dogmatic declarations and limitations...

Allowed? (4, Insightful)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#16459073)

This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux.

Of course they should be allowed. How can that even be prevented? The more important question is what can be done to either provide more secure replacements or make sure binaries can be functional without having to be trusted by the OS.

Re:Allowed? (3, Insightful)

Aim Here (765712) | more than 7 years ago | (#16459399)

They might be prevented by pointing out that the definition of derivative work in copyright law could well mean that most Linux drivers would fall within that definition, so that the linux license makes it unlawful to distribute them under anything other than the GPL.

The Nvidia blob is perhaps a special case, since it's really a windows driver with a GPLed wrapper, so the Linux community tends to turn a blind eye, as long as the driver isn't distributed alongside the kernel. Anyone trying to write a blob driver for Linux, from scratch, would be on shaky ground. Even Linus has said that if you wrote your driver with Linux in mind, it's a derivative work.

This is a grey area and there's not a lot of case law to decide exactly what is, and isn't, a derivative work in software, so a debate does occasionally flare up, most recently with the Kororaa livecd.

Re:Allowed? (1)

drinkypoo (153816) | more than 7 years ago | (#16459449)

The more important question is what can be done to either provide more secure replacements or make sure binaries can be functional without having to be trusted by the OS.

We're talking about a graphics driver here. It pretty much has to execute in kernel mode. You know, where you can do anything you want on the system? Sure, we could have a userspace graphics driver, but it would still need a kernel mode driver stub and it would be substantially slower, which is not really an option for most people.

Re:Allowed? (2, Interesting)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#16459595)

We're talking about a graphics driver here. It pretty much has to execute in kernel mode. You know, where you can do anything you want on the system? Sure, we could have a userspace graphics driver, but it would still need a kernel mode driver stub and it would be substantially slower, which is not really an option for most people.

With the current design of the Linux kernel + userspace, I agree, but I'm unconvinced that that has to be the case. I see inherent stumbling blocks to untrusted video drivers, but nothing that truly prevents them from running in an untrusted mode that does not present the same level of risk. I'm not, however, competent to judge the difficulty of such an enterprise and weigh it against the amount of real benefit to the end user.

Re:Allowed? (1)

iamacat (583406) | more than 7 years ago | (#16459679)

It pretty much has to execute in kernel mode

Why? Once VRAM and memory-mapped registers are brought into the process's address space, why shouldn't most of the code run in user mode and, say, read IRQs from some /dev interface? Then it can allocate 1GB texture cache and rarely used portions of it can still get paged out if another process needs the memory more.

Re:Allowed? (1)

frank_adrian314159 (469671) | more than 7 years ago | (#16459645)

The more important question is what can be done to either provide more secure replacements or make sure binaries can be functional without having to be trusted by the OS.

Wait for Hurd, because the micro-kernel approach makes sure that drivers run in isolation?

Yes, I know that this is put in a flambaitic manner, but is there any better reason to make sure your kernel consists of as little as possible? Even if the server that handles the device crashes, the rest of your system won't be compromised. The performance excuse is getting a bit old, especially if you're talking workstation functionality. Most people don't need the performance that a monolithic kernel provides, just as most people don't need 3+GHz CPUs. My feeling is that as long as folks writing OSes continue to stick their head in the sand with respect to this issue, they're always going to be whistling past the graveyard.

Secure, fast, cheap - pick any two.

on the bright side... (1)

yorugua (697900) | more than 7 years ago | (#16459091)

... this might push nvidia into making the 9xxx drivers available sooner. I hope that solves the googleearth rendering problem.

Re:on the bright side... (4, Informative)

Tester (591) | more than 7 years ago | (#16459165)

There is already a 9625 beta driver available in nvidia's nzone.

Re:on the bright side... (1)

OmegaBlac (752432) | more than 7 years ago | (#16459709)

Actually Nvidia updated the driver last week and it is now at 9626.
http://www.nvidia.com/object/linux_display_ia32_1.0-9626.html [nvidia.com]

And the first comment in the linked KernelTrap reports that this problem was fixed. I'm not sure if that is true though as I haven't verified it myself.

Re:on the bright side... (0)

Anonymous Coward | more than 7 years ago | (#16459335)

But they ARE available already.

Re:on the bright side... (1)

miscz (888242) | more than 7 years ago | (#16459699)

And they have problems, that's why they are still in beta.

Linux root Exploit (0, Funny)

Anonymous Coward | more than 7 years ago | (#16459097)

This is why windows is better. You'll never see a root exploit on a windows machine. We don't try to hide our exploits behind some high level encrypted account. Leave the holes in the open and they will think they are a trap. That's my motto

Re:Linux root Exploit (1)

Captain Sarcastic (109765) | more than 7 years ago | (#16459301)

Leave the holes in the open and they will think they are a trap. That's my motto


For as long as I have lived, I have seen some unusual mottoes, but this one takes the cake.

To Theo de Raadt (5, Insightful)

jazman_777 (44742) | more than 7 years ago | (#16459105)

Thank you for your stand against blobs.

Re:To Theo de Raadt (2, Informative)

grub (11606) | more than 7 years ago | (#16459143)


You beat me to it. This is now 2 (or 3?) exploits thanks to binary blobs that OpenBSD is immune to.

Re:To Theo de Raadt (1)

jandrese (485) | more than 7 years ago | (#16459279)

Yep, although woe be to you if you want some fast 3D support in OpenBSD.

Re:To Theo de Raadt (1)

grub (11606) | more than 7 years ago | (#16459317)


I don't play Quake on my firewall & workstations but goatse is as colourful as ever.

Re:To Theo de Raadt (1, Funny)

Anonymous Coward | more than 7 years ago | (#16459337)

Okay, that was more information than we needed.

Re:To Theo de Raadt (1)

jazman_777 (44742) | more than 7 years ago | (#16459415)

Yep, although woe be to you if you want some fast 3D support in OpenBSD.


And, uh, woe be to you, too (see the article).

Open vs. Closed yet again... (2, Insightful)

ZephyrXero (750822) | more than 7 years ago | (#16459125)

I'm a huge fan of all things open source/free software...but I also remember that it's the developer's choice if they want to go open or not. I don't personally understand what "trade secrets" nVidia has to hide by keeping their drivers closed off from the public, but it's still their choice. Unfortunately the open source alternative "nv" driver that comes with X is pretty much worthless if you want to do anything involving 3D. The best situation for those who don't want to use proprietary drivers is to go out and find a company with open drivers and stop using nVidia products if it matters that much to you.

I'm sure endless flame wars will follow below...so you guys have fun with that ;)

Re:Open vs. Closed yet again... (1)

purpledinoz (573045) | more than 7 years ago | (#16459313)

Well, if you opened the source, then you can see the tweaks and short-cuts that were made to make the video card run fast... the competition can use this against them... I'm sure ATI and nVidia both have their fair share of short-cuts in their drivers.

Re:Open vs. Closed yet again... (1, Interesting)

ZephyrXero (750822) | more than 7 years ago | (#16459591)

God forbid fair competition where the actual hardware's merit has to stand on its own ;)

Re:Open vs. Closed yet again... (1)

mcbridematt (544099) | more than 7 years ago | (#16459355)

I don't personally understand what "trade secrets" nVidia has to hide by keeping their drivers closed off from the public, but it's still their choice.

Open source graphics drivers are a potential goldmine for patent lawsuits. nVidia has accused ATi of driver reverse engineering in the past, so it's not going to happen.

Personally I don't care - as long as they work.

Re:Open vs. Closed yet again... (1)

sowth (748135) | more than 7 years ago | (#16459387)

Okay, I'd love to buy a modern 3d accelerated video card with working open drivers. What chipset is it? Where do I get one? The magic yak fairyland?

Re:Open vs. Closed yet again... (0)

Anonymous Coward | more than 7 years ago | (#16459653)

* Intel integrated graphics. (All of them. Intel actively provides Free Software drivers for their graphics chipsets.)
* ATI Radeon <r500 (that's <= X850, including all the non-X ones), with the exception of the shared RAM Xpress integrated chipsets (If you want an integrated chipset, pick Intel!). http://dri.freedesktop.org/wiki/ATIRadeon [freedesktop.org]

Re:Open vs. Closed yet again... (1)

swngnmonk (210826) | more than 7 years ago | (#16459445)

My theory (admittedly without evidence) is market segmentation, on both ATI's and NVidia's parts. It's something that has been done for years in the tech community, across many different kinds of products.

In effect, given the costs of production, it would be a lot cheaper for both ATI and NVidia to make a single GPU, and use binary drivers to enable/disable additional pipelines, texture processing units, etc, than it would be to actually make a series of different GPUs that have those capabilities. It wouldn't surprise me much at all that other than actual clock frequency & RAM speed, the only difference between the $100 cards and the $400 cards (assuming the same family of GPU) is an ID somewhere deep on the card that allows the driver to determine how many pipelines and additional features to enable. Consider this the difference between the 'student' and 'pro' versions. :)

Re:Open vs. Closed yet again... (2, Interesting)

Aadain2001 (684036) | more than 7 years ago | (#16459647)

While the core idea of yours is not wrong, what you are suggesting would actually cost more. While a lot of silicon manufacturers (Intel, AMD, IBM, ATI, Nvidia, etc) do have some features that they can turn "off" when they want to sell a part cheaper than the fully enabled product, I very much doubt that they have a significant number of them. Remember, these are not software features we are talking about, in which the product is the same size (roughly) on the CD as the full version. In silicon manufacturing, die size is a big factor in the cost. As the die size increases, the number of chips per wafer decreases, thus increasing the cost per chip. Add in the decrease in yield for very large dies and the cost goes up more. Manufacturing designs with the full 24/48/64/etc pipelines and then disabling some of them using software is a waste of space and thus wasted money. It makes more sense to develop designs that can easily have more pipelines added to make the higher end products than to waste space on the die.

No doubt that users do not like binary blobs (1)

ratta (760424) | more than 7 years ago | (#16459139)

But I hope that this will make understand that binary blobs are evil to corporate users.

How serious, really? (1)

XanC (644172) | more than 7 years ago | (#16459141)

I'm not calling into question the value of open drivers. But it seems that most people using nvidia's blob are running on desktop machines, either single-user or within the family. It would seem unlikely that these users are granting remote X sessions to untrustworthy people.

Re:How serious, really? (0)

Anonymous Coward | more than 7 years ago | (#16459379)

Actually, most new Sun Solaris systems ship on AMD hardware with NVIDIA graphics card and the binary blob driver pre-installed. They are listed as "Likely vulnerable".

Re:How serious, really? (2, Insightful)

bunions (970377) | more than 7 years ago | (#16459485)

exactly. Unless you're allowing remote x sessions (and if you are, you deserve what you get), this is a nonissue. Oh, and that "malicious webpage" thing? All it'll do is crash X. So did Firefox for a while, and we all ran it anyway.

2 steps to root access(was Re:How serious, really) (1)

sowth (748135) | more than 7 years ago | (#16459601)

The problem is the same as why you shouldn't run as root all the time. If you use any networking app (such as Mozilla/Firefox) and it has any sort of code execution vulnerability (such as buffer overflows), then a potentially untrusted user could run code under your account, just by creating a buffer overflow using a specially formed web page or image file or mail/news message. With this vulnerability, they can gain root access too. Do anything they want.

Missing out. (5, Insightful)

headkase (533448) | more than 7 years ago | (#16459149)

nVidia and ATI are missing out on a pool of talented free labour in their Un*x markets. Seriously they have to pay people to write Windows drivers when they could have Linux people do it for free and fold the best parts back into their Windows drivers. Idiots. ;)

Re:Missing out. (1)

nuzak (959558) | more than 7 years ago | (#16459431)

Writing device drivers isn't exactly like writing a skin for a PHP forum application. There is a rather small pool of talented device driver writers with the appropriate skills for graphics hardware, and nVidia feels that they employ enough of them. More is not better.

Re:Missing out. (0)

Anonymous Coward | more than 7 years ago | (#16459561)

Why not just keep their employees and have a git site so people can read the code and contribute like any other linux driver? They don't have to fire their own people just to get help from the linux community.

Hate to say it... (0)

Anonymous Coward | more than 7 years ago | (#16459175)

...but I told you so.

Cheers,
Theo

This is an obvious fraud (3, Funny)

drinkypoo (153816) | more than 7 years ago | (#16459543)

Theo LOVES to say "I told you so"

This is a relatively minor problem (4, Insightful)

Theovon (109752) | more than 7 years ago | (#16459183)

Ok, security is never "minor," but it kinda washes out in the context of all of the stability and compatibility problems they've had as compared to FOSS drivers for cards whose manufacturers do publish specs. nVidia simply don't do a good job at writing their drivers. They violate all sorts of rules about how you're supposed to write Linux drivers. But being closed source, no one is ever allowed to fix the problems, and nVidia doesn't put enough people on it to keep up.

What we need is a graphics vendor who publishes full specs for their graphics chips! If nVidia won't do it, find someone who will.

kdawson: (0, Offtopic)

grub (11606) | more than 7 years ago | (#16459187)


Thank you for not using "pwned" in this headline.

Intel Open Source Graphics Driver (2, Interesting)

platyk (696356) | more than 7 years ago | (#16459193)

This is one reason I think I'll stop using NVIDIA chips and start using Intel chipset graphics hardware in the future. http://intellinuxgraphics.org/ [intellinuxgraphics.org]

Re:Intel Open Source Graphics Driver (3, Insightful)

postmortem (906676) | more than 7 years ago | (#16459257)

Well, then enjoy intel software sold as $2/pc hardware.

Re:Intel Open Source Graphics Driver (0)

Anonymous Coward | more than 7 years ago | (#16459271)

See related story BSD: Intel Accused of Being an "Open Source Fraud"

Too bad Intel doesn't have open source drivers (0)

Theovon (109752) | more than 7 years ago | (#16459273)

Too bad this is all hot air. Intel haven't released full specs, just partial specs under NDA to a handful of people. They play no other part in the development of the drivers (for liability reasons, they got volunteers to do the drivers for them). And some important features require a binary blob.

Intel does not have FOSS drivers.

Re:Too bad Intel doesn't have open source drivers (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16459419)


Your post is not even *remotely* based on facts:

Keith Packard - maintainer of X.Org is a fulltime employee of Intel, and works 100% on improving X.Org including DRI/DRM and all 3D graphics drivers (Including Intel's).

How much specs do you want if a fully working 3D-enabled Open Source driver is released???

None of the graphics components of the i965 chipset (and afaik other chipsets) need a binary blob. As a matter of fact, there are no binary blobs for Intel Graphics chipsets at all.

Shape up and get informed.

Re:Too bad Intel doesn't have open source drivers (0)

Theovon (109752) | more than 7 years ago | (#16459489)

Well, you're mostly right.

See this: http://kerneltrap.org/node/7184 [kerneltrap.org]

Still, you don't really know how much they're holding back. How many features are they not using in the open source driver?

But at least they have the security...

Re:Too bad Intel doesn't have open source drivers (1)

sofar (317980) | more than 7 years ago | (#16459469)

I beg to differ: http://e1000.sf.net/ [sf.net]

Re:Intel Open Source Graphics Driver (0)

Anonymous Coward | more than 7 years ago | (#16459681)

+1

Thank you Intel, farewell nvidious.

nVidia CAN'T OPEN SOURCE DRIVERS (0)

Anonymous Coward | more than 7 years ago | (#16459229)

This is due to the fact that they are using licensed code from other people/companies, and they would need to open source that as well.

Re:nVidia CAN'T OPEN SOURCE DRIVERS (1)

WilliamSChips (793741) | more than 7 years ago | (#16459677)

They could contribute to the existing open-source drivers though. They did that with forcedeth.

HW makers should produce multiple drivers (5, Interesting)

davidwr (791652) | more than 7 years ago | (#16459239)

Hardware vendors, be they printers, video cards, or what-not, should work to 2 sets of specs:

A high-performance, possibly proprietary, specification that gives them a definite edge over their competitors. If they want to ship binary-only drivers that's fine.

A possibly-lesser-performance specification that does "the basics" - everything a typical device of its type can do. This specification should be public, preferably with open-source drivers. Even without drivers, those who need to can write drivers from the specification. For a high-end video card, this should be everything that a low- or medium-end card could do. For an all-in-one printer, this should include basic full-color printing at "typical for its technology" resolutions, basic full-color scanning at "typical for its technology" resolutions, and b&w and color faxing. For a high-end sound card, this should include at least 2-channel sound. For a communications device, it should include all internationally-accepted standards that the device supports, but need not include the most efficient or highest-performance embodiment of those standards.

Most important is full disclosure:
Any device that doesn't provide a full, published specification of "everything" must disclose the limits of the published specifications, so buyers will know exactly what they are buying: a device that, should problems be found with the drivers, or when used with operating systems without supported drivers, is limited to a specified downgraded functionality.

Re:HW makers should produce multiple drivers (0)

Anonymous Coward | more than 7 years ago | (#16459589)

Good start. Now get different vendors to agree on 1 baseline specification. Make it sane enough to use it in the future. That's what we call a hardware standard. Every new videocard/printer/NIC/... on the market could function without writing 1 line of code. When we get at that point, well, the 90's had something like that.

Problem is Microsoft and the vendors: It's great for MS if you actually need a new OS to use relatively recent hardware, because nobody writes drivers for your good old functioning Windows 95 computer. It's great for the vendors to make you buy, say, a new scanner, because nobody wrote drivers for your functioning old one. So in practice, we see the disappearance of the Hayes more-or-less standard, with winmodems replacing it.

No surprise here (0, Redundant)

Caligari (180276) | more than 7 years ago | (#16459241)

The OpenBSD Project [openbsd.org] has been warning about the dangers of binary blobs - security and otherwise - for years now. Indeed, binary blobs were the theme of the OpenBSD 3.9 release [openbsd.org] (as mentioned in the kernel trap article).

Perhaps people will now start to wake up and realise that these kinds of drivers are unacceptably dangerous, both for immediate system security and for future hardware freedom. Slimy vendors like NVidia, Intel and Atheros have been trying to shove this crap down our throats for some time now.

Free software users need to unite and say NO to binary blobs! Let's kick this crud out of our operating systems!

Re:No surprise here (1)

idontgno (624372) | more than 7 years ago | (#16459691)

Free software users need to unite and say NO to binary blobs! Let's kick this crud out of our operating systems!

In the interests of full disclosure, don't forget to mention that you're saying NO to a lot of capability with your principled stand. You already understand this, I'm sure, and what you're losing (i.e., accelerated 3d) you obviously can do without. But for some, that's not negotiable.

I'd be curious to understand what you envision as the way forward from this. If we successfully "kick this crud out of our operating systems", as you put it, how do we get the features we're losing? Are you expecting a breakthrough in the Free developer community to reverse-engineer an unencumbered Free equivalent with full capabilities? The vendor to "come to its senses"? The user to decide "No, we really don't need that whizzy thing we can't have without binary crud"?

I am not optimistic about any of those three alternatives that I can guess at. Maybe you have another one I haven't come up with?

Can't get worked up (3, Insightful)

AKAImBatman (238306) | more than 7 years ago | (#16459249)

Am I the only one who can't get worked up about this exploit? I mean, I should be thinking, "this is happening because of X, we should do Y to fix it!" And yet, I just can't develop an opinion either way. It's not that I'm wrestling with myself, it's just that I don't care.

Analyzing this, I think the reason is because the NVidia and ATI drivers are a PITA everywhere. By installing the drivers, you agree to destabilize your system in exchange for the most incredible 3D (and 2D to a certain degree) performance. When Something Bad Happens(TM), you just sort of take it as coming with the territory.

It's sort of like hooking Nitro up to your car. Sure, your engine is more powerful than ever. But are you really all that surprised when you bust a valve, crack a ring, or do some other form of damage to your hotrod?

It would be nice if OSS drivers could be created. But it's probably not going to happen. NVidia won't open their drivers (ATI, doubly so) and the OSS community doesn't have enough info to recreate them. Thus I think the best bet is the Open Graphics Project [duskglow.com]. If they produce a viable 3D card alternative, you'll finally be able to choose between a stable (but slower) 3D card, or a high-performance, hotrod 3D Card. Take your pick to meet your needs.

Oh, and keep a firewall in front of your machine and the internet. Pipe all your X communications over SSH. Just good safety sense. ;)

Re:Can't get worked up (1)

Theovon (109752) | more than 7 years ago | (#16459363)

In reality, for most desktop use, the difference between an open graphics card (based on their design specs) and a high-end nVidia card is how much time the GPU spends idle. Most X11 apps just aren't the least bit taxing on the GPU. Only if you throw a high-end game at it will you notice any difference. Keeping in mind that the FPGA version of the OGP memory controller is already spec'd to run at 200MHz (DDR400 x 128 bits = 6.4GiB/sec), when they go to ASIC, they'll have phenomenal performance.

Re:Can't get worked up (1)

bfree (113420) | more than 7 years ago | (#16459527)

NVidia won't open their drivers (ATI, doubly so)
They don't have to open their drivers, they could do as ATI did previously with the r200 and provide the information required to create a driver (either openly or to a closed group who will sign NDAs over it and release an open driver).

Already done did it! (0)

Anonymous Coward | more than 7 years ago | (#16459267)

I used to putz around with the nvidia drivers and finally just said screw it-and my dang card still works! My thanks to the true open source guys. Binary blobs *sucketh*. If I want to run binary blobs I'll just install windows and be done with it..but I don't! I am not going to compromise principles any longer and "cheat", open source or they can eat my shorts.

So? Who cares? (1)

nkrgovic (311833) | more than 7 years ago | (#16459277)

I mean, we are talking about a local root exploit, for a machine with graphics connected to it. Really...


That machine is a desktop / workstation anyway, and has no, or almost no (ssh being an only exception) means for anyone to obtain a non-console login in the first place. OTOH, a person physically sitting on a machine has no need to exploit it. Again, who cares?

Re:So? Who cares? (2, Informative)

chill (34294) | more than 7 years ago | (#16459433)

From the actual advisory:

"This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page)."

That part wasn't in the /. summary.

It ain't too serious. (4, Insightful)

vidarlo (134906) | more than 7 years ago | (#16459293)

How many people use the nVidia cards in their servers? None, I guess. nVidia, and most 3D-cards are used on personal systems, with one user, which is usually root. If that user can use a root exploit to become root - so what! Remember that you have to be able to control the X11 display server to take advantage of this, which means you *have* to be logged in locally or be root.

Whilst I agree with the principle, I don't think this bug will have *any* impact, as most home boxes have no accounts accessible from the internet that are able to run X11. If they have, they probably have bigger problems. Same goes for people running untrusted code that can execute this: it could as well provide a shell, or whatever. Yet, the problem is then *untrusted* code. A person that runs untrusted code can probably be coerced into running that as root as well.

So my guess: zero impact!

Re:It ain't too serious. (1)

Caligari (180276) | more than 7 years ago | (#16459413)

Get a clue. Recent Sun amd64 servers ship with the vulnerable NVIDIA blob under Solaris (which is also probably vulnerable).

Re:It ain't too serious. (1)

chill (34294) | more than 7 years ago | (#16459563)

From the actual advisory:

"This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page)."

So... (4, Insightful)

Richard_at_work (517087) | more than 7 years ago | (#16459319)

How many root exploits have been found for this driver, and how many have been found for opensource elements of the kernel while this driver has existed? Touting this as a reason to drop the closed source driver is nothing but politics and fearmongering, you guys should know better.

Re:So... (4, Informative)

Aim Here (765712) | more than 7 years ago | (#16459603)

The problem is not that a root exploit exists. Shit happens. Those can be fixed and the world moves on.

The problem is that all users of Nvidia graphics cards are helpless to make their machines safe because Nvidia has control over the source code. If Nvidia says 'Screw you' or goes bankrupt, then their users are screwed. Had they GPLed their driver, then someone else could have fixed it.

And that's exactly what's happened in this case.

If you read the TFA, you'll see that NVidia has known about this bug for TWO GODDAMN YEARS already and NOT fixed it. Surely that's one big 'SCREW YOU' to the Linux, Solaris and BSD communities right there.

Easier said than done. (0)

Anonymous Coward | more than 7 years ago | (#16459403)

Not everyone runs a display that the standard 'nv' driver supports. Wide panel displays tend to have issues running with that driver since the resolutions are often odd sizes like 1440x900. I have to use the nVidia drivers to get the display to look right and use its native resolution. I know many laptop owners also have similar problems as well. It's easy to say "just switch to the opensource one", but it's not as refined or functional as the real nVidia driver. Hopefully folks will fix the resolution limits on that soon.

Reportedly Fixed on Kerneltrap (0)

Anonymous Coward | more than 7 years ago | (#16459421)

According to the first comment over on kerneltrap, this was fixed by NVidia last month in a beta release. However, the issue in question was not mentioned in the release notes.
http://kerneltrap.org/node/7228/ [kerneltrap.org]
http://www.nvnews.net/vbulletin/showpost.php?s=87867d1f473f5e912c412a23e19a8dc3&p=1027749&postcount=11/ [nvnews.net]
http://www.nzone.com/object/nzone_downloads_rel70betadriver.html/ [nzone.com]

I think I speak for a lot of people when I say... (0)

Anonymous Coward | more than 7 years ago | (#16459447)

I'm not giving up my 3d. It's as simple as that, the open source drivers SUCK. You want me to use your open source 3d drivers, then GET TO WORK and make them faster than the nvidia ones. Looks like a LOT of linux boxes are going to have security holes (assuming nvidia don't fix this quickly which I bet they will). DRI has had TERRIBLE performance compared to nvidia for years. FIX IT then we'll make our systems secure. Fact is if it's a choice between a security hole and my games and HD movies, I choose my games and HD movies. I can't get 1080p playing back in software mode without stuttering and this is on an athlon 64 X2 4400+ 3GB ram and a geforce 7600GT. Open source graphics have and will continue to suck for a long time.

1600x1200 w/ DVI in the 'nv' driver, please? (2, Informative)

AcidPenguin9873 (911493) | more than 7 years ago | (#16459539)

The reason I use the closed-source binary blob driver is because the 'nv' driver can't program my flat-panel monitor to accept a 1600x1200 DVI signal. I have to use my glorious 20.1" panel in 1280x1024 mode or hook up the old VGA cable to get a 1600x1200 signal. Here's the thread about how the 'nv' driver depends on the video card BIOS to program up the flat panel registers:

https://bugs.freedesktop.org/show_bug.cgi?id=3654 [freedesktop.org]

"The "nv" driver currently can't change the BIOS-programmed display timings. Unfortunately, this is not something that we can fix right now."

This just sucks, IMHO.

Thank god for fglrx! (0)

Anonymous Coward | more than 7 years ago | (#16459605)

It's so wonderful that Ati makes such crappy drivers that you can get decent open-drivers for Ati-cards.

Oh, give me a f*ckin' break! (1)

Qbertino (265505) | more than 7 years ago | (#16459619)

So this is gonna fuel the debate whether binary drivers are ok or not? WTF? Whether drivers are binary or not has absolutely *NOTHING* to do with whether there's an exploit or not. This is only gonna be abused by the 'all FOSS at all costs' faction. Linux and OSS owe a great deal of their success in recent years due to the all-out 100% fully official support of Linux by Nvidia. Knowing Nvidia they'll have a fix out at least as fast as any OSS project. Cut them some slack already. It's not that everything else in the Linux world has never had an exploit.

Not as surprising as it should be (0)

Anonymous Coward | more than 7 years ago | (#16459627)

Maybe this is related to the fact that a 1280x1024 checkerboard image that I have is able to freeze my system solid. Or at least it was able to do so in the past using the nvidia driver but not the nv driver. I don't want to test it on my current setup because I don't feel like rebooting.

neighbors watch out (4, Funny)

wes33 (698200) | more than 7 years ago | (#16459697)

Hey ... my neighbor runs linux with an nvidia card. And he was showing me some fancy 3d stuff that my xp can't do. So I can hardly wait to turn the tables and take over his system. So what is step 1 ...

Oh, I see, first I have to break into his house :(

Couldn't use nVidia's driver anyway. (1)

hullabalucination (886901) | more than 7 years ago | (#16459723)

It wouldn't render fonts correctly for me unless I turned off the render acceleration, and even then fonts wouldn't render under WINE.

Much as I'd like to have the acceleration features of the card, I can't until nVidia figures out how to get their drivers relatively bug-free with FreeType and Xorg R7. That might take a while, so I'll just have to bide my time with the stock "nv" driver. Google Earth will be incredibly slow for me until that time:

"Google Earth is now downloading the entire planet to your GPU. Google Earth can not locate a valid driver for your graphics card. Please be patient, this will take decades. Would you like to save time by skipping Mauritania, Poland, Liberia and Panama? Select Yes or No."

* * * * *

It's only when you look at an ant through a magnifying glass on a sunny day that you realise how often they burst into flames.
--Harry Hill
