mjg59: Wow, who'd have thought that loading 6 m

Matthew Garrett (

mjg59) wrote,
@ 2006-10-16 22:50:00

Wow, who'd have thought that loading 6 megabytes of unauditable code into your kernel and X server might be a bad idea? It's almost like code running as root was some sort of potential security issue, or something.

(Post a new comment)

hub_
2006-10-17 12:34 am UTC (link)

This is exactly OpenBSD argument. :-)

How come this bug hasn't been fixed in the last couple of year they know about it?

Funny discussion with a friend:
"ah, that is why load a 100KB XML file not wrapped in a non-wrapping X11-based editor crash the X server each and every time?"

Wait nvidia is based in the US, may a class action lawsuit would be fun. On top of that add the copyright infringement. ;-)

(Reply to this) (Thread)

	Which OpenBSD argument? (Anonymous) 2006-10-17 11:44 pm UTC (link)
	This argument is the one I thought of.... http://marc.theaimsgroup.com/?l=openbsd-misc&m=114738577123893&w=2 (Reply to this) (Parent)(Thread)

	Re: Which OpenBSD argument? hub_ 2006-10-17 11:47 pm UTC (link)
	Not that argument. I was talking about the argument that "blob drivers are inacceptable because they can't be audited and fixed for potential bugs leading to security holes". Given that OpenBSD has the goal to be secure. They also criticize FreeBSD for accepting such blobs against any security precaution. (Reply to this) (Parent)

	uon 2006-10-17 07:05 am UTC (link)
	But.. ..so.. ..shiny! (Reply to this)

	pjc50 2006-10-17 11:44 am UTC (link)
	My first thought: damn, what am I going to do for drivers now? My second thought: hmm, I wonder how many drivers on Windows systems have similar vulnerabilities? (Reply to this) (Thread)

	hub_ 2006-10-17 11:48 pm UTC (link)
	who knows :-) (Reply to this) (Parent)

	kernelslacker 2006-10-17 09:49 pm UTC (link)
	You know what really pisses me off though? All the clueless "Oh, as if open source drivers don't get security problems" counter-arguments (if you can call them that) that have arised from this. I need to learn some new profanity, the old words just don't cut it any more. (Reply to this) (Thread)

	yet another clueless counter argument (Anonymous) 2006-10-17 11:34 pm UTC (link)
	The open source programs don't have to pay Coverity for the check, as the DHS pay that for us ;) So shoot me... (Reply to this) (Parent)

hub_
2006-10-17 11:51 pm UTC (link)

Yeah I got a lot of b.s. like that. But how many know security bugs in open source software don't get fixed within the days if not hours of discovery/disclosure? From what I read, nvidia is aware of lot of reproducable crashers still unfixed. I wonder if that one was in there.

The counter-argument to the b.s. you just said is: "but with open source driver we can fix the security problem *immediately* without waiting for a vendor"

If you learn new profanity, let me know, I need to join the class too.

(Reply to this) (Parent)

	tau_iota_mu_c 2006-11-11 02:55 am UTC (link)
	I need to learn some new profanity, the old words just don't cut it any more. I seem to have just invented "cunting fuckdriver". (Reply to this) (Parent)

Username:		Create an Account Forgot your login or password? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…

About

Help

Get Involved

Legal

Store

LJ Labs