Local root exploit in NVidia driver

Posted Oct 21, 2006 2:52 UTC (Sat) by roelofs (guest, #2599)
In reply to: Local root exploit in NVidia driver by hein.zelle
Parent article: Local root exploit in NVidia driver

Why would a driver be any more dangerous than a piece of software that is used daily on the internet?

Do you honestly not get that? A driver lives in kernel space--it's root already! With the possible exception of certain kinds of hardened kernels, there are very few things a driver can't do. If someone gets that far, they own your machine--period. And to get that far, all it takes is one unprivileged remote exploit--perhaps browser-based, perhaps email-based, perhaps in a web server or irc client or SSH daemon; you name it, if it involves the network, it's a potential hole.

So yes, the balance of danger between a driver and a piece of Internet software, each taken on its own, is unclear--one is local but basically infinitely powerful; the other is remote but of limited power. However, it's naive to imagine that the bad guys are going to limit themselves to just one or the other--or that you (or your distro provider) are going to know about all the holes they know about. Every chink in the armor is a stepping stone to the next level of penetration, and these days, two or three of them may very well be all it takes.

Greg



Local root exploit in NVidia driver

Posted Oct 21, 2006 19:43 UTC (Sat) by hein.zelle (guest, #33324)

Good point, I didn't think of that when I wrote that comment.

Apart from that, I agree completely with your remark about every (unknown) vulnerability being one too many; I'm not trying to justify closed-source software with vulnerabilities in it. The point was about the original poster calling "closed source drivers" madness in general, which I think rather depends on the behaviour of the manufacturer. Although it's clearly not the case here, I could very well imagine a manufacturer that does deal properly with (un)disclosed vulnerabilities. Unfortunately the NVIDIA case isn't suggesting that about their behaviour, so far.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds