Write to NVIDIA
Posted Oct 17, 2006 3:03 UTC (Tue) by drag
In reply to: Write to NVIDIA
Parent article: Local root exploit in NVidia driver
There is no way to know it's fixed.
Nothing in the Nvidia changelog mentioned anything about the offending bug.
The only thing we know is that the exploit code in it's current form probably will not work. The nvidia devs didn't mention anything until after this stuff has been made public and we don't know if they closed the hole or not.
It looks a lot more the statement like damage control then actually a company concerned about fixing a security problem.
The shoker is the length of time it's taken for this problem to be realy made public. The issue has been around since 2004 and it wasn't until July 2006 until a nvidia developer in their forums acknowledged it was a problem and gave it a bug report number.
As for the quality of OSS drivers...
The OSS developers haven't realy been given a chance to show what they can or cannot due. With the Intel stuff they have to sign NDAs so only a small number of developers are working on it, but the results are actually pretty nice so far.
I would expect that developers working from within Nvidia with direct access to any and all documentation and having the developer's ear have a bit of a unfair advantage compared to developers that have Nvidia and ATI actively working AGAINST them making drivers and forcing them to reverse engineer the drivers.
I think that the fact that R300 DRI drivers work nearly as well as they do is a testiment to the fact that F/OSS developers CAN write good 3d drivers. Sure they are slow and have limited features, but non-the-less they work and are stable. I think that this a quite of a acheivement considuring that they are made from reverse engineering stuff.
to post comments)