[conspire] Buggy ATI Driver (and others) Leaves Vista Open to Attack

Rick Moen rick at linuxmafia.com
Sat Aug 18 20:04:42 PDT 2007


Quoting Don Marti (dmarti at zgp.org):

> Or, theoretically, get root on your machine remotely
> when you view a specially crafted image downloaded
> from a hostile site.  All Linux drivers are equally
> and totally trusted, so just because a device doesn't
> interact with the network doesn't mean that its
> driver couldn't introduce a remote vulnerability,
> or overwrite /dev/random's entropy pool, or whatever.

Indeed, if device drivers themselves provide privilege escalation
mechanisms, the system is in deep trouble.  This has been known, for
years, to be true on _all_ Win32 systems without exception, as an
inherent consequence of the Win32 messaging model, even without the
drivers offering privilege-escalation paths as such:

http://web.archive.org/web/20060904080018/http://security.tombom.co.uk/shatter.html

Given that Microsoft Windows Vista didn't make a clean break from the
established Win32 API, I greatly doubt that Vista escapes this inherent
and long-established security failure.

Meantime, we _already_ had other, individually compelling reasons not to
use that buggy, proprietary crap from ATI and Nvidia (the latter's
inexcusably bad quality being, if memory serves, the reason the Linux
kernel team implemented the "taint" flag).  This is just one more
reason.




