[conspire] Buggy ATI Driver (and others) Leaves Vista Open to Attack
dmarti at zgp.org
Sat Aug 18 18:23:13 PDT 2007
begin Ryan Russell quotation of Sat, Aug 18, 2007 at 09:47:30AM -0700:
> Don Marti wrote:
> > begin Adrien Lamothe quotation of Fri, Aug 17, 2007 at 09:12:19PM -0700:
> >> This is fun; check it out:
> >> http://www.eweek.com/article2/0,1895,2170804,00.asp
> > Nvidia and ATI supposedly share code between their
> > Linux and Microsoft Windows drivers -- so the bug may
> > be there in another form for people running "ATIux" or
> > "NVidiux", the weird, not-really-supported derivatives
> > of Linux you get when you install the proprietary
> > graphics drivers.
> There may be bugs in their driver which could allow an attacker to execute
> code in the Linux kernel from a non-privileged account.
Or, theoretically, get root on your machine remotely
when you view a specially crafted image downloaded
from a hostile site. All Linux drivers are equally
and totally trusted, so just because a device doesn't
interact with the network doesn't mean that its
driver couldn't introduce a remote vulnerability,
or overwrite /dev/random's entropy pool, or whatever.
> But the Vista problem is slightly different. On Vista 64-bit, you aren't
> supposed to be allowed kernel access even if you're administrator. You
> are only allowed to add signed drivers. When one of those signed drivers
> has bugs, then an administrator (and maybe user) can execute code in the
> kernel. Since Linux (AFAIK) doesn't attempt to keep root out of the
> kernel, it doesn't have this class of problem.
Good point. It also doesn't have the problem of a
driver you need getting blacklisted because someone
used the same key to sign a driver-loading driver.
I'm really glad I'm not setting off an unpredictable
game of DRM Whack-A-Mole inside the kernel every time
I do a software update.
dmarti at zgp.org