Local root exploit in NVidia driver
Posted Oct 17, 2006 7:37 UTC (Tue) by beejaybee
In reply to: Local root exploit in NVidia driver
Parent article: Local root exploit in NVidia driver
"who is endangered by a local root exploit? Only multi-user machines with untrusted users."
Not quite true. The point being that a hacker who can get into the system at all can escalate privelege via the exploit i.e. all systems are effectively multi-user.
Now there's no 100% effective defence against hackers (short of complete and permanent disconnection from the network), but this episode shows the insanity of installing closed source drivers on any system which ever has network access.
I'm not claiming that open source is 100% proof either (see above) but at least if an open source driver compromises you (a) it's at least partly your fault for misplacing trust in someone who's either incompetent or hostile, (b) a timely and effective fix is likely to be available.
Security by obscurity is not, never has been and never will be effective. MS Vista developers please note.
to post comments)