Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
|
08-04-2012, 01:03 AM
|
#31
|
|
Member
Registered: Oct 2003
Location: WA
Distribution: Slackware64 14.0, Slackware 14.0
Posts: 450
Rep: 
|
Don't panic. Tempest in a teapot. I would assume most on LQ are smart enough to run any stupid ass software they find, or run freaky scripts in Firefox, etc. Just because there is an possible exploit does not mean that exploit is practical.
Quote:
|
People running the proprietary NVidia graphics driver on systems with untrusted users ...
|
So how many people have access to your box, who are they, and why is your server running X? |
|
|
1 members found this post helpful.
|
|
08-04-2012, 05:37 AM
|
#32
|
|
Senior Member
Registered: Dec 2011
Location: UK
Distribution: Debian Sid + various in VMs.
Posts: 1,824
|
Quote:
Originally Posted by kingbeowulf
Don't panic. Tempest in a teapot. I would assume most on LQ are smart enough to run any stupid ass software they find, or run freaky scripts in Firefox, etc. Just because there is an possible exploit does not mean that exploit is practical.
|
It's not quite that straight forward though. How do you know for certain the a site you are visiting is safe to allow scripting? Legitimate sites are hacked all the time even linuxquestions could, theoretically, end up running a malicious script. Knowing this hole is there means that running any script is a risk and allowing WebGL more so. |
|
|
|
|
08-04-2012, 09:40 PM
|
#33
|
|
Member
Registered: Nov 2009
Location: Gothenburg, Sweden
Distribution: Slackware64
Posts: 116
Rep:
|
NVIDIA has released a patch and an updated driver:
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Update: 2012-08-08
The 295 driver is also updated to 295.71.
Last edited by mats_b_tegner; 08-08-2012 at 08:46 AM.
|
|
|
2 members found this post helpful.
|
|
08-05-2012, 06:23 AM
|
#34
|
|
LQ 5k Club
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Laptop: Slackware 14.0 // Desktop: Slackware64 14.0 // Netbook: Slackware 14.0
Posts: 6,183
|
This is all I get now, with the 304.32 driver:
Code:
brian@slackdesk:~/temp$ ./exploit[*] IDT offset at 0xffffffff81955000[*] Abusing nVidia...
brian@slackdesk:~/temp$
Compare it to output in post #7, with 302.17. |
|
|
|
|
08-05-2012, 07:26 AM
|
#35
|
|
Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,620
Original Poster
|
Yeah, well, they fixed it, which I did not expect so soon.
|
|
|
|
|
08-06-2012, 01:24 AM
|
#36
|
|
Member
Registered: Oct 2003
Location: WA
Distribution: Slackware64 14.0, Slackware 14.0
Posts: 450
Rep:
|
Quote:
Originally Posted by mats_b_tegner
|
Thanks. One of the more usefull comments in this thread.
Quote:
Quote:
Originally Posted by kingbeowulf
Don't panic. Tempest in a teapot. I would assume most on LQ are smart enough to run any stupid ass software they find, or run freaky scripts in Firefox, etc. Just because there is an possible exploit does not mean that exploit is practical.
|
It's not quite that straight forward though. How do you know for certain the a site you are visiting is safe to allow scripting? Legitimate sites are hacked all the time even linuxquestions could, theoretically, end up running a malicious script. Knowing this hole is there means that running any script is a risk and allowing WebGL more so.
|
I respectfully disagree. Your argument fails the test of logic: Yes, that could happen since any activity involves some risk. We need only identify the possible risks and develop systems to deal with that risk. We do not need to run arround in a panic expecting the worst.
Signed
- Optimist |
|
|
|
|
08-06-2012, 05:16 AM
|
#37
|
|
Senior Member
Registered: Dec 2011
Location: UK
Distribution: Debian Sid + various in VMs.
Posts: 1,824
|
Quote:
Originally Posted by kingbeowulf
Thanks. One of the more usefull comments in this thread.
I respectfully disagree. Your argument fails the test of logic: Yes, that could happen since any activity involves some risk. We need only identify the possible risks and develop systems to deal with that risk. We do not need to run arround in a panic expecting the worst.
Signed
- Optimist
|
I never said anyone should run around in a panic. What I said was any site can be running malicious code, so it is not as simple as avoiding "stupid ass software" and "freaky scripts". Legitimate sites are hacked every day to serve malware. If you were aware of this risk then fine, I was pointing it out because there are people out there of the opinion "I only visit legitimate websites so I'm safe" which is simply not true. How you choose to deal with risk is your business but acknowledging it exists is part of the risk management process. |
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 08:10 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
