Local root exploit in NVidia driver
Posted Oct 17, 2006 11:29 UTC (Tue) by hein.zelle (guest, #33324)
In reply to: Local root exploit in NVidia driver by beejaybee
Parent article: Local root exploit in NVidia driver
> Now there's no 100% effective defence against hackers (short of complete
> and permanent disconnection from the network), but this episode shows
> the insanity of installing closed source drivers on any system which
> ever has network access.
I'm sorry, but even though I am not happy with the closed nature of the nvidia drivers (being the owner of several of such cards) I think the above remark is a bit out of bounds.
Calling closed-source drivers on a system connected to the network "insanity" is rather overdone, I'd say. Apart from the fact that at least 80% of all computers ONLY run closed source drivers (which I suspect you indeed find insane :-), I don't see the big difference with other closed software. I'd like to see the count of LWN readers that don't have ANY closed source software on their machine, vs the amount of people that run google-earth, for instance. Why would a driver be any more dangerous than a piece of software that is used daily on the internet? I suspect the risk of getting your system broken into through a bug in a popular web browser is a lot higher than through a closed-source video driver.
I think the real issue is the fact that you have no control over bugfixes in closed-source software, be it a driver or something else. To many people that will not be acceptable, and to many others it will be as long as the manufacturer responds reasonably well to problems. From this article and the responses I'm neither convinced that NVidia is doing a very good job at it, nor that they are messing it up. It may be interesting to just ask them about it. I think it's only in NVidia's best interest to deal with the issue appropriately, and wouldn't be surprised if they became a bit more informative if told about the impression they've left behind.
Local root exploit in NVidia driver
Posted Oct 21, 2006 2:52 UTC (Sat) by roelofs (guest, #2599)
> Why would a driver be any more dangerous than a piece of software that is used daily on the internet?
Do you honestly not get that? A driver lives in kernel space--it's root already! With the possible exception of certain kinds of hardened kernels, there are very few things a driver can't do. If someone gets that far, they own your machine--period. And to get that far, all it takes is one unprivileged remote exploit--perhaps browser-based, perhaps email-based, perhaps in a web server or irc client or SSH daemon; you name it, if it involves the network, it's a potential hole.
So yes, the balance of danger between a driver and a piece of Internet software, each taken on its own, is unclear--one is local but basically infinitely powerful; the other is remote but of limited power. However, it's naive to imagine that the bad guys are going to limit themselves to just one or the other--or that you (or your distro provider) are going to know about all the holes they know about. Every chink in the armor is a stepping stone to the next level of penetration, and these days, two or three of them may very well be all it takes.
Greg
Local root exploit in NVidia driver
Posted Oct 21, 2006 19:43 UTC (Sat) by hein.zelle (guest, #33324)
Good point, I didn't think of that when I wrote that comment.
Apart from that I agree completely with your remark about every (unknown) vulnerability being one too many, I'm not trying to justify closed-source software with vulnerabilities in it. The point was about the original poster calling "closed source drivers" being madness in general, which I think rather depends on the behaviour of the manufacturer. Although it's clearly not the case here, I could very well imagine a manufacturer that does deal properly with (un)disclosed vulnerabilities. Unfortunately the NVIDIA case isn't suggesting that about their behaviour, so far.
