Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Although I have used the nvidia blob driver in the past, I only used it because I needed some 3D capabilities. The recent nouveau drivers provide good 3D support for most cards, so I use that now. The stability of the nouveau drivers has greatly improved with more recent releases as has the usability of the drivers. I notice that they now have power levels for my netbook and the fan does NOT run at 100% anymore. Rarely there is some graphics corruption and crashing with some 3D apps, but it is rare.
I am never going back to the blob, because it is not stable, not secure, not FLOSS, and not much better than nouveau for what I use.
I am posting this in the Slackware forum because perhaps people here care more about security and stability than in other forums. I have also seen many threads here about how to get the nvidia drivers working. The mods can move it if they see fit.
The nouveau driver didn't work on this desktop with the integrated graphics (nVidia 6150se/nForce 430), so I had to use the proprietary driver. I fitted a GTS 450 a while ago, but haven't taken the risk(?) of trying it with the nouveau.
P.S.
I'm a bit dubious about compiling & running that exploit (downloads as a .bin, but is actually a .c source file):
Code:
bash-4.1$ cd temp
bash-4.1$ file 86747-001.bin
86747-001.bin: ASCII C program text, with CRLF line terminators
I still use the nvidia driver. Nouveau is not for me and what I want. Security problems with software are not limited to Nvidia, so we always have to be on guard.
Yeah, I know. But is it safe to run after compiling? I've glanced through the file, but don't really know enough about C.
Edit
Oh, what-the-hell, I'll take a chance!
exploit.c:607:20: warning: always_inline function might not be inlinable [-Wattributes]
exploit.c:438:29: warning: always_inline function might not be inlinable [-Wattributes]
exploit.c:397:28: warning: always_inline function might not be inlinable [-Wattributes]
exploit.c:375:19: warning: always_inline function might not be inlinable [-Wattributes]
exploit.c:345:20: warning: always_inline function might not be inlinable [-Wattributes]
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I got that when I compiled it, when I ran it I saw "killed" after the point it said the exploit was being run, then messages similar to BrianL. The people on Slashdot who ran it seemed to see similar, I think only one of them had success.
Now I feel like I should wipe my system and reinstall though since I can't follow the ASM in the source file.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Hmm, after reading that link I think we're not safe. If the code's running in kernel space, but crashing, that means kernel space can be accessed through the exploit from userspace. Or am I misreading the comments on the linked page?
Mmm, rereading these two quotes, it sounds as if we're OK as far as this exploit goes:
Quote:
It seems to me that it's fixed at least with my combination of kernel/drivers.
Quote:
That is an oops listing. That doesn't say "fixed" to me at all; it says "the exploit doesn't quite work with this particular version of the kernel and the driver".
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I'm going by this:
Quote:
Originally Posted by PaXTeam
note the faulting insn: RIP: 0010:[<00000000004016a7>]
it's code in the *kernel's* code segment with a *userland* address (PaX/KERNEXEC and CR4.SMEP stop exactly this kind of exploit method, but this looks like a powerful bug, it could be exploited other ways). that is, the kernel is executing userland provided code, that's already proof for privilege escalation and the oops is due to the exploit's kernel payload not being bullet proof (something that's not hard to fix up, if that's your game).
Suggesting the hole is there but the exploit code isn't written to handle other kernels, but it could be.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.