LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Write to NVIDIA

Write to NVIDIA

Posted Oct 17, 2006 6:22 UTC (Tue) by cate (subscriber, #1359)
In reply to: Write to NVIDIA by einstein
Parent article: Local root exploit in NVidia driver

The open source programs have more security advisory because people check the sources and send bug report. It is rare to found an exploit before upstream fix bugs. In closed source you will have only the later category.

Performance is not a valid reason to qualify "best driver". Is is simpler to ignore some races and some cases to gain a lot of performance, but at the end is not correct on some cases, then you will have some crash or lock every day/week/month/year? I prefer "safe" over "preformance"

(Log in to post comments)

Write to NVIDIA

Posted Oct 17, 2006 9:47 UTC (Tue) by NAR (subscriber, #1313) [Link]

The open source programs have more security advisory because people check the sources and send bug report. It is rare to found an exploit before upstream fix bugs.

I seem to recall that even Debian servers were compromised by a previously unknown local root exploit based on a kernel bug - and probably the kernel gets the most peer review, so the situation could be only worse for other projects. Anyway, I believe that the number of critical bugs does not depend directly on the methodology of development, it depends on the skill of the developers and their deadlines.

Bye,NAR

Write to NVIDIA

Posted Oct 17, 2006 10:04 UTC (Tue) by cate (subscriber, #1359) [Link]

The exploits of Debian server, IIRC, was two kernel bugs. IIRC one was discovered with forensic of the debian exploit. So I agree, also open sources have zero-day exploits.
But IIRC there was some studies about drivers, and the majority of binary drivers was coded in a very very bad manner (and not only Linux drivers).

Linux have specialized people with good kernel skills in design, features and common problems. Unfortunately the hardware designers lack of people with in-deep known. (Maybe "our" editor books helps to fill the gap)

Anyway there are a lot of security problem in a lot of open source programs. And I think for a cultural reason.
Check gallery, one of the most used web photo gallery. The FAQ explains you to chmod 0777 all the files in the gallery distribution!!!

Write to NVIDIA

Posted Oct 17, 2006 14:39 UTC (Tue) by ajross (subscriber, #4563) [Link]

"nvidia's drivers, as they are currently the best video drivers available for linux at any price."...
"What part of "root exploit" did you miss? That automatically disqualifies them from even running for "best video driver"."...
"Performance is not a valid reason to qualify "best driver"."...

This is an apples-to-oranges argument. The NVIDIA drivers are "best" to some folks because they are fast, stable, and very featureful. They are they only drivers available under linux that have the features (OpenGL extensions & 2.0 shaders) you get with the windows drivers, period. To people doing 3D development under linux (most of us at www.flightgear.org, for example), they are honestly the only reasonable choice. Bugs in the ATI and x.org drivers appear regularly. There's a very common one right now (we see it routinely on IRC, not sure which distros are affected) where trying to run an indirect GL client when an improper xorg.conf setup causes a client crash.

People not doing 3D development don't likely care about the output of glxinfo and just want their 2D desktop and the occasional (pre-compiled and tested by someone else) 3D program to be stable and work. These folks can get acceptable use out of the existing free drivers. But to pretend that that makes them "just as good" as the NVIDIA drivers is a little delusional. They aren't.

Now, does that make it "OK" that NVIDIA's drivers are non-free, or excuse the root hole? Of course not. But please don't confuse the issue by arguing two things at the same time. NVIDIA's drivers have features that some of us need, and that are simply not yet available from free software.

Write to NVIDIA

Posted Oct 17, 2006 16:00 UTC (Tue) by AJWM (guest, #15888) [Link]

> To people doing 3D development under linux (most of us at www.flightgear.org, for example), they are honestly the only reasonable choice.

Horsepucky. The open source ati drivers are just fine for running flightgear, and as far as development goes, it doesn't matter what graphics you have for compiling. Might make a slight difference if you're building models, but I doubt it.

I will freely admit that you do need a decent 3D card and drivers to run FlightGear -- I replaced my ancient generic PCI video card (1 frame per second) with an ATI 9250-based, 256MB AGP card (typically about 40 fps, higher at night ;-), with everything else the same) for that very reason.

> NVIDIA's drivers have features that some of us need,

Need? Really? Want, perhaps. Especially if you're doing development rather than running applications -- fast compilers aside, developers (of mass audience apps) shouldn't be targeting bleeding edge hardware, it skews their perspective. Come up with creative solutions to make the app fast/dazzling/whatever on mediocre hardware and you'll make more people happy. (Personally as far as FlightGear goes, I'd just as soon see less effort spent on making clouds look more real, and more done on making the scenery look more like the places I've actually flown, or at least make the documentation better so that I can figure out how to incorporate photos into the scenery myself. Although to be honest I haven't spent a lot of time on that yet.)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds