Buffer Overflow in NVIDIA Binary Graphics Driver For Linux


sourchier
October 17th, 2006, 05:11 AM
According to http://download2.rapid7.com/r7-0025/ nvidia allows root access to a box with the "nvidia" driver. Are there any known workarounds for this (other than using the "nv" driver)? Does anyone know how to contact nvidia on this? Or any good workarounds? I have been googling and have been unable to find anything.

evilghost
October 17th, 2006, 11:02 AM
Disable RenderAccel or upgrade to the 1.0.9626 Beta drivers.

http://www.nvnews.net/vbulletin/showpost.php?p=1027960&postcount=2

tomBorgia
October 17th, 2006, 11:25 AM
From the link - "via a remote X client or an X client which visits a malicious web page" So I'm assuming you'd need to be allowing remote X logins to start with or be looking at p0rn... ;-)

jdong
October 17th, 2006, 01:49 PM
Well, considering that all you have to do is make a textbox and pre-fill it with a few thousand characters, I'd say it's a pretty trivial buffer overflow to exploit, and I'm pretty surprised it's been allowed to exist for 2 years.

lotusleaf
October 17th, 2006, 03:22 PM
Related article posted FWIW:

"LWN: Re: [Fwd: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux (with exploit)]" (http://lwn.net/Articles/204543/)

and: Slashdot mention and user comments (http://it.slashdot.org/it/06/10/16/2038253.shtml)

l.tambiah
October 17th, 2006, 05:43 PM
Users at risk should take the 'nv' option or move onto the beta driver as suggested. This shows why closed source is a bad thing: this was reported 2 years ago and nothing has been done to address it. Ubuntu can't change the code, but perhaps they could push out the beta driver as a security update.

Or upgrade to Edgy, as this uses the beta driver, I believe?

jdong
October 17th, 2006, 07:44 PM
Users at risk should set RenderAccel to off. Using beta drivers can put you at risk for even more problems. If you can live with nv, then that's an even safer alternative.

Edgy does NOT use 9xxx beta drivers.

l.tambiah
October 18th, 2006, 03:54 AM
Thank you for the clarification

sourchier
October 18th, 2006, 03:41 PM
Thank you all very much for your quick and thoughtful replies.
Forum support is one of the many reasons GNU/Linux rocks.

karamba_kid
October 20th, 2006, 02:01 AM
How does one disable RenderAccel? There is no setting in my /etc/X11/xorg.conf file, which was generated by the default script for the nvidia driver. Does this mean I'm not at risk, or do I need to specify that I want to turn that off to be safe? I have been running Firefox in Xnest for the past day or so after I read about this overflow; still not sure if that is an effective workaround or not. I would rather just verify that I have this RenderAccel option turned off properly.

l.tambiah
October 20th, 2006, 03:33 AM
Yes, it is disabled by default; if you don't see it in the xorg.conf it is disabled. Alternatively you can find the "Device" section and add the line like below:

Section "Device"
Identifier "Card0"
Driver "i810"
VendorName "Intel Corp."
BoardName "82852/855GM Integrated Graphics Device"
BusID "PCI:0:2:0"
Option "RenderAccel" "false"
EndSection

At least this way you know it's turned off for definite.

evilghost
October 20th, 2006, 05:27 AM
nVidia has released a "hotfix" for their 1.0.8XXX drivers; I would expect to see these in the repos. They have also clarified the exploit:

http://www.nvnews.net/vbulletin/showthread.php?t=78521

evilghost
October 20th, 2006, 05:28 AM
How does one disable RenderAccel? There is no setting in my /etc/X11/xorg.conf file, which was generated by the default script for the nvidia driver. Does this mean I'm not at risk, or do I need to specify that I want to turn that off to be safe? I have been running Firefox in Xnest for the past day or so after I read about this overflow; still not sure if that is an effective workaround or not. I would rather just verify that I have this RenderAccel option turned off properly.

1.0.9625+ = Bug is fixed.
1.0.8XXX = Exploitable, RenderAccel is on by default. You must explicitly turn it off.
1.0.7XXX = Exploitable, legacy drivers, RenderAccel is off by default.
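The two rules in this thread, the RenderAccel option in the Device section of xorg.conf (posted above with the i810 example) and the version table just given, can be checked mechanically. The following shell script is an added example, not something posted in the thread or shipped by NVIDIA or Ubuntu: it parses a constructed sample xorg.conf for an explicit RenderAccel setting and classifies a driver version string (assumed to look like "1.0-8762" or "1.0.8762", passed as an argument) into the table's buckets.

```shell
#!/bin/sh
# Added example (not from this thread or from NVIDIA): a defender-side check
# applying the two rules posted above:
#   1. is RenderAccel explicitly set inside Section "Device" of xorg.conf?
#   2. which bucket of the version table (9625+ / 8XXX / 7XXX) is the driver in?
# Assumes a version string like "1.0-8762" or "1.0.8762" passed as an argument.

# Constructed sample xorg.conf, modelled on the snippet posted in the thread.
SAMPLE_CONF='Section "Device"
    Identifier "Card0"
    Driver     "nvidia"
    BusID      "PCI:1:0:0"
    Option     "RenderAccel" "false"
EndSection'

# write_sample_conf -> writes the constructed sample to a temp file, prints its path
write_sample_conf() {
    _f=$(mktemp)
    printf '%s\n' "$SAMPLE_CONF" > "$_f"
    printf '%s\n' "$_f"
}

# render_accel_state FILE -> prints "off", "on" or "unset"
# Only lines inside Section "Device" ... EndSection count, and a commented-out
# "# Option ..." line is ignored, so it cannot be mistaken for a real setting.
render_accel_state() {
    awk '
        /^[[:space:]]*Section[[:space:]]+"Device"/ { in_dev = 1; next }
        /^[[:space:]]*EndSection/                  { in_dev = 0; next }
        in_dev && tolower($0) ~ /^[[:space:]]*option[[:space:]]+"renderaccel"/ {
            val = tolower($3); gsub(/"/, "", val)
            if (val == "false" || val == "off" || val == "no" || val == "0")
                state = "off"
            else
                state = "on"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# classify_version VERSION -> fixed | exploitable-default-on | exploitable-default-off | unknown
classify_version() {
    _build=$(printf '%s' "$1" | sed -n 's/^1\.0[.-]\([0-9][0-9]*\)$/\1/p')
    if [ -z "$_build" ]; then echo unknown
    elif [ "$_build" -ge 9625 ]; then echo fixed
    elif [ "$_build" -ge 8000 ]; then echo exploitable-default-on
    elif [ "$_build" -ge 7000 ]; then echo exploitable-default-off
    else echo unknown
    fi
}

# at_risk VERSION FILE -> "yes" | "no" | "unknown", combining both rules
at_risk() {
    case "$(classify_version "$1")" in
        fixed) echo no ;;
        exploitable-default-on)
            # 8XXX: RenderAccel is on unless explicitly turned off
            if [ "$(render_accel_state "$2")" = off ]; then echo no; else echo yes; fi ;;
        exploitable-default-off)
            # 7XXX: RenderAccel is off unless explicitly turned on
            if [ "$(render_accel_state "$2")" = on ]; then echo yes; else echo no; fi ;;
        *) echo unknown ;;
    esac
}

# Demo on the constructed sample.
conf=$(write_sample_conf)
echo "RenderAccel in sample: $(render_accel_state "$conf")"
for v in 1.0-8762 1.0-9626 1.0-7184; do
    echo "$v: $(classify_version "$v"), at risk with sample conf: $(at_risk "$v" "$conf")"
done
rm -f "$conf"
```

Point `render_accel_state` at your real /etc/X11/xorg.conf to replace the sample. Note that the thread later mentions a hotfix for the 1.0.8XXX series; the table above predates it, so a hotfixed 8XXX build still classifies as exploitable-default-on here, and the RenderAccel check remains the thing to verify on such a driver.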

l.tambiah
October 20th, 2006, 10:23 AM
Is Ubuntu going to supply the patch as an update for us users using the nvidia binary blob?

jdong
October 20th, 2006, 06:47 PM
Yes, it is disabled by default; if you don't see it in the xorg.conf it is disabled.


That is simply not true for NVidia's drivers in Dapper. RenderAccel is now ON by default if the underlying Xorg supports it reliably (which is true for Dapper and Edgy).

l.tambiah
October 21st, 2006, 09:15 AM
Apologies for the confusion... At least I know that now.

tseliot
October 21st, 2006, 09:19 AM
Driver 8776 is in my Testing Repos (ONLY for Dapper):
http://ubuntuforums.org/showthread.php?t=255929

Or you can use Envy:
http://albertomilone.com/nvidia_scripts1.html