LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 08-04-2012, 01:03 AM   #31
kingbeowulf
Member
 
Registered: Oct 2003
Location: WA
Distribution: Slackware64 14.1, Slackware 14.1
Posts: 519

Rep: Reputation: 137Reputation: 137

Don't panic. Tempest in a teapot. I would assume most on LQ are smart enough to run any stupid ass software they find, or run freaky scripts in Firefox, etc. Just because there is an possible exploit does not mean that exploit is practical.

Quote:
People running the proprietary NVidia graphics driver on systems with untrusted users ...
So how many people have access to your box, who are they, and why is your server running X?
 
1 members found this post helpful.
Old 08-04-2012, 05:37 AM   #32
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,325

Rep: Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771
Quote:
Originally Posted by kingbeowulf View Post
Don't panic. Tempest in a teapot. I would assume most on LQ are smart enough to run any stupid ass software they find, or run freaky scripts in Firefox, etc. Just because there is an possible exploit does not mean that exploit is practical.
It's not quite that straight forward though. How do you know for certain the a site you are visiting is safe to allow scripting? Legitimate sites are hacked all the time even linuxquestions could, theoretically, end up running a malicious script. Knowing this hole is there means that running any script is a risk and allowing WebGL more so.
 
Old 08-04-2012, 09:40 PM   #33
mats_b_tegner
Member
 
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 140

Rep: Reputation: 47
NVIDIA has released a patch and an updated driver:
http://nvidia.custhelp.com/app/answers/detail/a_id/3140

Update: 2012-08-08
The 295 driver is also updated to 295.71.

Last edited by mats_b_tegner; 08-08-2012 at 08:46 AM.
 
2 members found this post helpful.
Old 08-05-2012, 06:23 AM   #34
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 6,958
Blog Entries: 52

Rep: Reputation: Disabled
This is all I get now, with the 304.32 driver:
Code:
brian@slackdesk:~/temp$ ./exploit[*] IDT offset at 0xffffffff81955000[*] Abusing nVidia...
brian@slackdesk:~/temp$
Compare it to output in post #7, with 302.17.
 
Old 08-05-2012, 07:26 AM   #35
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Yeah, well, they fixed it, which I did not expect so soon.
 
Old 08-06-2012, 01:24 AM   #36
kingbeowulf
Member
 
Registered: Oct 2003
Location: WA
Distribution: Slackware64 14.1, Slackware 14.1
Posts: 519

Rep: Reputation: 137Reputation: 137
Quote:
Originally Posted by mats_b_tegner View Post
NVIDIA has released a patch and an updated driver:
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Thanks. One of the more usefull comments in this thread.

Quote:
Quote:
Originally Posted by kingbeowulf
Don't panic. Tempest in a teapot. I would assume most on LQ are smart enough to run any stupid ass software they find, or run freaky scripts in Firefox, etc. Just because there is an possible exploit does not mean that exploit is practical.
It's not quite that straight forward though. How do you know for certain the a site you are visiting is safe to allow scripting? Legitimate sites are hacked all the time even linuxquestions could, theoretically, end up running a malicious script. Knowing this hole is there means that running any script is a risk and allowing WebGL more so.
I respectfully disagree. Your argument fails the test of logic: Yes, that could happen since any activity involves some risk. We need only identify the possible risks and develop systems to deal with that risk. We do not need to run arround in a panic expecting the worst.

Signed
- Optimist
 
Old 08-06-2012, 05:16 AM   #37
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,325

Rep: Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771
Quote:
Originally Posted by kingbeowulf View Post
Thanks. One of the more usefull comments in this thread.



I respectfully disagree. Your argument fails the test of logic: Yes, that could happen since any activity involves some risk. We need only identify the possible risks and develop systems to deal with that risk. We do not need to run arround in a panic expecting the worst.

Signed
- Optimist
I never said anyone should run around in a panic. What I said was any site can be running malicious code, so it is not as simple as avoiding "stupid ass software" and "freaky scripts". Legitimate sites are hacked every day to serve malware. If you were aware of this risk then fine, I was pointing it out because there are people out there of the opinion "I only visit legitimate websites so I'm safe" which is simply not true. How you choose to deal with risk is your business but acknowledging it exists is part of the risk management process.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: NVIDIA Loses Huge GPU Order Due To Linux Blob LXer Syndicated Linux News 1 06-23-2012 02:59 PM
LXer: Nouveau Driver Power Management Against The NVIDIA Blob LXer Syndicated Linux News 0 07-06-2011 01:50 PM
[SOLVED] Inserting text blob into a C program Hidden Windshield Programming 12 08-28-2010 08:05 PM
how can I access blob in mysql by C ? twwwater Programming 2 09-17-2009 08:17 PM
LXer: Stop the blob LXer Syndicated Linux News 3 06-26-2008 05:50 AM


All times are GMT -5. The time now is 08:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration