basically tech

7 NVidia Linux root exploit?

Wednesday 18th October, 2006

There have been many reports of this exploit. Rapid7 seems to have announced it first on Monday 16th October, and the story was rapidly taken up by Slashdot and Kerneltrap. The Rapid7 report goes on to state:

This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page).

The worry concerning this particular exploit seems to have been exacerbated by several factors:

  • The Linux desktop-user community tends to be more security conscious than its Windows counterpart. I know that's why I switched.
  • The Rapid7 advisory was accompanied by a working proof-of-concept root exploit.
  • The comments which followed the Kerneltrap report seem to show a working example of a web-page based exploit.

Well, as a security-conscious Linux user, you should be running X configured such that it does not listen for remote X session requests. That rules out remote X-based exploits. The proof-of-concept root exploit at this stage becomes a purely local exploit, i.e. you have to be able to load the exploit (pre-compiled, or compile it) on the PC and run it.

The working web-page based exploit is no longer available, but it seems to have been a JavaScript-based exploit which may or may not work, and which is apparently not specific to the driver powering your X session. Various reports about it state that:

  • It causes X to crash while using the 1.0-8774 NVidia driver
  • It causes X to crash while using Firefox with ATI open source drivers
  • It has no effect while using Firefox and the open source nv drivers
  • It has no effect while using Firefox 2.0rc3 and the open source radeon drivers
  • It has no effect while using Konqueror and the 1.0-8774 NVidia driver

According to the NVidia forum, the way to protect your PC is either to disable RenderAccel in your X server configuration:

    Option "RenderAccel" "False"

or to use the 1.0-962x beta driver. Note that RenderAccel is enabled by default.
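A defender-side check for that mitigation, added here and not part of the original post or the NVidia forum advice: it scans an xorg.conf-style file (the path is an assumption) and reports whether any Device section using the nvidia driver still has RenderAccel effectively enabled, treating a missing Option line as enabled because that is the default.

```shell
#!/bin/sh
# Added example, not from the original post. Scans an xorg.conf-style file and
# reports, for every Device section using the nvidia driver, whether RenderAccel
# is effectively on. The option defaults to on, so a section with no explicit
# Option "RenderAccel" line counts as enabled. Returns 0 when every nvidia
# device has RenderAccel disabled, 1 when at least one still has it enabled.
# The config path is an assumption; /etc/X11/xorg.conf is the usual location.
check_renderaccel() {
    awk '
    function norm(v) {                  # map X.org boolean spellings to true/false
        v = tolower(v); gsub(/"/, "", v)
        if (v == "" || v == "1" || v == "on" || v == "yes" || v == "true") return "true"
        if (v == "0" || v == "off" || v == "no" || v == "false") return "false"
        return "unknown"
    }
    /^[[:space:]]*Section[[:space:]]+"Device"/ { insec = 1; drv = ""; accel = "default"; next }
    insec && /^[[:space:]]*Driver[[:space:]]/ { drv = tolower($2); gsub(/"/, "", drv); next }
    insec && /^[[:space:]]*Option[[:space:]]+"RenderAccel"/ { accel = norm($3); next }
    insec && /^[[:space:]]*EndSection/ {
        insec = 0
        if (drv != "nvidia") next
        if (accel == "false") { print "nvidia device: RenderAccel disabled"; next }
        printf "nvidia device: RenderAccel enabled%s\n", (accel == "default" ? " (by default)" : "")
        enabled = 1
    }
    END { exit (enabled ? 1 : 0) }
    ' "$1"
}

# Demo on a constructed sample config (not a real system file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Section "Device"
    Identifier "Card0"
    Driver     "nvidia"
    # RenderAccel is not mentioned, so the default (on) applies
EndSection
EOF
if check_renderaccel "$sample"; then
    echo "OK: no nvidia device has RenderAccel enabled"
else
    echo "Add 'Option \"RenderAccel\" \"False\"' to the Device section, or upgrade the driver"
fi
rm -f "$sample"
```

Run it as `sh check_renderaccel.sh` for the demo, or source it and call `check_renderaccel /etc/X11/xorg.conf` against the real file.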

All this fuss seems to home in on the fact that the NVidia drivers are closed source. They're unflatteringly described as "a binary blob". I'm not a great fan of closed source software, but I am practical. In addition, it would be well to remember that all software has bugs. Raising all this ruckus over a driver, when a simple config change or upgrade resolves the issue, just makes the people doing it seem a little extreme.

I can't write 3D-accelerated drivers for my NVidia card. Do I need them? Well, that depends on your definition of need. Certainly my (2D) desktop is much faster with the NVidia drivers than with the nv drivers. Apps start faster, screen refreshes are quicker.

I originally specced my PC to play Doom3. (Oops, another binary blob.) Due to a combination of circumstances, I still haven't finished the game! But I'm getting through it ... It would be impossible to play Doom3 on my PC without the NVidia drivers.

I remember playing Doom II years ago. I used to turn out the lights and raise the volume to increase the atmosphere (I lived alone then). I loved it. Then, a while back, my wife took the kids to the seaside for a few days' break with their cousins, so I had the opportunity to do the same trick with Doom3. I didn't have the lights out for long! Too damn scary!