Root exploit in binary nVidia drivers

LWN is reporting the release of an advisory, together with a proof-of-concept exploit, for a root privilege-escalation bug in the binary nVidia drivers.

There are two NVIDIA graphics drivers for Linux: a closed-source binary blob driver provided by NVIDIA (which provides acceleration) and an open-source driver (which lacks acceleration). NVIDIA’s binary blob driver contains an error in its accelerated rendering of glyphs (text character data) that can be exploited to write arbitrary data to anywhere in memory. The open-source driver is not vulnerable.

1. Affected system(s):

    KNOWN VULNERABLE:
     o NVIDIA Driver For Linux v8774
     o NVIDIA Driver For Linux v8762

    PROBABLY VULNERABLE:
     o NVIDIA Driver for FreeBSD
     o NVIDIA Driver for Solaris
     o Earlier versions

    KNOWN FIXED:
     o None

nVidia have been somewhat tardy in addressing the issue:

There have been multiple public reports of this NVIDIA bug on the NVNews forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA’s first public acknowledgement of this bug was on July 7th, 2006. In a public posting [1] on the NVNews forum, an NVIDIA employee reported having reproduced the problem, assigned it bug ID 239065, and promised a fix would be forthcoming.

That was July – there is still no fix.

Edgy Eft Glibc/Pthread Dependency Problem

As ever, when you are playing with a development version of a distro things can, occasionally (OK, I must have been lucky), break. I've just been bitten by the following error:

Matching libraries: /usr/lib/libpthread.so.20 /lib/ld-linux.so.2

A copy of glibc was found in an unexpected directory.
It is not safe to upgrade the C library in this situation;
please remove that copy of the C library and try again.

As you might guess, this blocks apt-get dist-upgrade: libc6's pre-installation check has found a second copy of the C library (here libpthread.so.20 in /usr/lib, alongside the dynamic loader in /lib) and refuses to proceed, because it is (not unreasonably) being paranoid about not leaving your system in a completely stuffed state. So I went and consulted the Oracle and found a rather nice page on debugging dpkg dependency problems by Dan Shearer, an ex-Aussie now in Edinburgh.

I’m going to give this a try and see what happens, if you don’t hear from me for a few days then you know I messed something up. 🙂

Update: It worked, all that was needed was:

sudo mkdir /usr/lib/temp
sudo mv /usr/lib/libpthread* /usr/lib/temp/
sudo apt-get install -f
sudo mv /usr/lib/temp/* /usr/lib
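One caveat with the four commands above: if apt-get install -f fails part-way through, the libraries are left sitting in /usr/lib/temp and anything linked against libpthread will refuse to start. The following is an added example, not code from the original post, of the same move-aside / run / move-back sequence written so that the files are always restored, even when the command fails. The paths, the libpthread* pattern and the action callable are assumptions chosen to match the post.

```python
import shutil
import subprocess
from pathlib import Path


def stage_libs_aside(libdir, pattern, staging, action):
    """Move every libdir/pattern file into staging, run action(), move them back.

    Returns the sorted list of file names that were moved.  The files are
    restored in a finally block, so a failed action() (for example apt-get
    exiting non-zero) does not leave the system without its threading library.
    libdir, pattern and staging are illustrative assumptions, not fixed values.
    """
    libdir = Path(libdir)
    staging = Path(staging)
    staging.mkdir(parents=True, exist_ok=True)
    # Collect names first so the glob is not disturbed by our own moves.
    moved = sorted(p.name for p in libdir.glob(pattern)
                   if p.is_file() or p.is_symlink())
    for name in moved:
        shutil.move(str(libdir / name), str(staging / name))
    try:
        action()
    finally:
        # Put everything back whether or not action() succeeded.
        for name in moved:
            src = staging / name
            if src.exists() or src.is_symlink():
                shutil.move(str(src), str(libdir / name))
    return moved


def run_apt_fix(apt_args=("apt-get", "install", "-f")):
    """The step the original post ran by hand; raises if apt-get exits non-zero."""
    subprocess.run(list(apt_args), check=True)


if __name__ == "__main__":
    # The original sequence, needs to be run as root just like the sudo version.
    stage_libs_aside("/usr/lib", "libpthread*", "/usr/lib/temp", run_apt_fix)
```

The staging directory deliberately lives inside /usr/lib as in the post, so a rename rather than a copy is all that happens and the restore cannot fail for lack of space on another filesystem.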

Boosting SpamAssassin Usefulness

Found this posting to the spamassassin-users list on my quest to make life a bit harder for the image spammers; it looks like it's working already. 🙂

Yes, hits=5.433 tag=-100 tag2=5 kill=5 tests=BAYES_00, DK_POLICY_SIGNSOME, FORGED_RCVD_HELO, HELO_DYNAMIC_SPLIT_IP, HTML_10_20, HTML_IMAGE_ONLY_32, HTML_MESSAGE, MIME_HTML_ONLY, RCVD_NUMERIC_HELO, TVD_FW_GRAPHIC_NAME_LONG

The important part to note is that the Bayesian classifier rated the message as almost certainly ham (BAYES_00 is a Bayes spam probability below 1%), but the other tests, in particular the image-related rules HTML_IMAGE_ONLY_32 and TVD_FW_GRAPHIC_NAME_LONG, still pushed the total to 5.433, over the kill threshold of 5.
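Messages like this one are exactly what you want to feed back to sa-learn, since Bayes got them wrong. Here is an added example, mine rather than anything from the list posting, that parses status lines in the form shown above and picks out the ones where Bayes scored low but the message was still killed. It assumes the "Yes/No, hits= tag= tag2= kill= tests=" layout of that line; the sample lines are constructed, with the first copied from the page and the other two made up for contrast.

```python
import re

# Layout assumed from the line quoted on the page: verdict, hits, optional
# tag/tag2 thresholds, kill threshold, then a comma-separated rule list.
STATUS_RE = re.compile(
    r"^(?P<verdict>Yes|No),\s+hits=(?P<hits>-?\d+(?:\.\d+)?)"
    r"(?:\s+tag=(?P<tag>-?\d+(?:\.\d+)?))?"
    r"(?:\s+tag2=(?P<tag2>-?\d+(?:\.\d+)?))?"
    r"\s+kill=(?P<kill>-?\d+(?:\.\d+)?)"
    r"\s+tests=(?P<tests>\S.*)$"
)

# Bayes rules meaning "probably ham" (assumption: only the <5% buckets).
LOW_BAYES = {"BAYES_00", "BAYES_05"}

# Constructed input: first line copied from the page, the other two invented.
SAMPLE_LINES = [
    "Yes, hits=5.433 tag=-100 tag2=5 kill=5 tests=BAYES_00, DK_POLICY_SIGNSOME, "
    "FORGED_RCVD_HELO, HELO_DYNAMIC_SPLIT_IP, HTML_10_20, HTML_IMAGE_ONLY_32, "
    "HTML_MESSAGE, MIME_HTML_ONLY, RCVD_NUMERIC_HELO, TVD_FW_GRAPHIC_NAME_LONG",
    "No, hits=-2.6 tag=-100 tag2=5 kill=5 tests=BAYES_00, HTML_MESSAGE",
    "Yes, hits=12.1 tag=-100 tag2=5 kill=5 tests=BAYES_99, HTML_IMAGE_ONLY_32",
]


def parse_status(line):
    """Return verdict, score, kill threshold and the list of rules that fired."""
    m = STATUS_RE.match(line.strip())
    if not m:
        raise ValueError("not a recognised status line: %r" % line)
    # Accept both "A, B" (as on the page) and "A,B" (plain X-Spam-Status).
    tests = [t.strip() for t in m.group("tests").split(",") if t.strip()]
    return {
        "spam": m.group("verdict") == "Yes",
        "hits": float(m.group("hits")),
        "kill": float(m.group("kill")),
        "tests": tests,
    }


def bayes_missed(status):
    """True when Bayes called it ham but the other rules still killed it."""
    over_kill = status["hits"] >= status["kill"]
    return over_kill and any(t in LOW_BAYES for t in status["tests"])


def retrain_candidates(lines):
    """Parsed statuses worth passing to sa-learn --spam; unparseable lines skipped."""
    out = []
    for line in lines:
        try:
            s = parse_status(line)
        except ValueError:
            continue
        if bayes_missed(s):
            out.append(s)
    return out


if __name__ == "__main__":
    for s in retrain_candidates(SAMPLE_LINES):
        non_bayes = [t for t in s["tests"] if not t.startswith("BAYES_")]
        print("hits=%.3f kill=%.0f carried by: %s"
              % (s["hits"], s["kill"], ", ".join(non_bayes)))
```

In practice you would feed the X-Spam-Status headers of a mailbox through retrain_candidates and hand the matching messages to sa-learn --spam, which is the cheap way to keep Bayes up to date with a new spam style.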

How Big Was North Korea's Bomb?

My good friend Alec wrote on hearing about the DPRK nuclear test:

One presumes that there is a small chance it’ll have been staged with conventionals;

That got me thinking – how large a bomb was it? We know the USGS detected a mag 4.2 shock so I went hunting around to see if there was an algorithm for converting magnitudes on the Richter Scale into energy, and, hopefully, into kilotons or megatons. It turns out J.C. Lahr wrote up a method for the "Comparison of earthquake energy to nuclear explosion energy" and helpfully included a piece of Fortran code to create a table of comparisons.

A quick “apt-get install gfortran” and a bit of mucking around with the code and I had an approximate answer:

Mag.  Energy      Energy      TNT         TNT         TNT          Hiroshima
      Joules      ft-lbs      tons        megatons    equiv. tons  bombs
4.2   0.126E+12   0.929E+11   0.301E+02   0.301E-04   0.201E+04    0.134E+00

So a magnitude 4.2 earthquake is (roughly) equivalent to a 2 kiloton device, less than one fifth of the size of the Hiroshima bomb. Note which column that is: the "TNT equiv. tons" figure is the yield of an explosion that radiates this much seismic energy, while the seismic energy itself (the "TNT tons" column) is only about 30 tons of TNT, because most of a blast's energy never turns into ground motion. Either way, it's unlikely to have been a conventional device.
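The table row can be reproduced without the Fortran. This is an added example, mine and not Lahr's code, that carries the magnitude through to kilotons and back. It uses the Gutenberg-Richter energy relation log10 E = 1.5 M + 4.8 (E in joules) and the definition of 4.184 GJ per ton of TNT; the 1.5% seismic-efficiency factor and the 15 kt Hiroshima yield are inferred here from the ratios in the row above rather than taken from Lahr's page, so treat them as assumptions.

```python
import math

J_PER_TON_TNT = 4.184e9      # definition: one ton of TNT is 4.184 GJ
FT_LBF_PER_J = 0.7375621     # one joule expressed in foot-pounds force
SEISMIC_EFFICIENCY = 0.015   # assumption: ~1.5% of a blast's energy radiates as seismic waves
HIROSHIMA_KT = 15.0          # assumption: Hiroshima yield of about 15 kilotons


def seismic_energy_joules(magnitude):
    """Gutenberg-Richter: log10(E) = 1.5 * M + 4.8, with E in joules."""
    return 10 ** (1.5 * magnitude + 4.8)


def tnt_tons(joules):
    """Seismic energy expressed as tons of TNT (the 'TNT tons' column)."""
    return joules / J_PER_TON_TNT


def explosion_equiv_tons(joules, efficiency=SEISMIC_EFFICIENCY):
    """Total explosive yield needed to radiate `joules` seismically
    (the 'TNT equiv. tons' column): seismic energy scaled up by 1/efficiency."""
    return tnt_tons(joules) / efficiency


def hiroshima_equivalents(explosion_tons, hiroshima_kt=HIROSHIMA_KT):
    """Number of Hiroshima-sized bombs in an explosion of `explosion_tons`."""
    return explosion_tons / (hiroshima_kt * 1000.0)


def magnitude_row(magnitude):
    """One row of Lahr-style table, in the same column order as the page."""
    e = seismic_energy_joules(magnitude)
    tons = tnt_tons(e)
    equiv = explosion_equiv_tons(e)
    return {
        "magnitude": magnitude,
        "joules": e,
        "ft_lbs": e * FT_LBF_PER_J,
        "tnt_tons": tons,
        "tnt_megatons": tons / 1e6,
        "explosion_equiv_tons": equiv,
        "hiroshima_bombs": hiroshima_equivalents(equiv),
    }


def yield_kilotons_from_magnitude(magnitude):
    """Magnitude -> explosive yield in kilotons, under the efficiency assumption."""
    return explosion_equiv_tons(seismic_energy_joules(magnitude)) / 1000.0


def magnitude_from_yield_kilotons(kt):
    """Inverse: the magnitude an explosion of `kt` kilotons would register."""
    joules = kt * 1000.0 * J_PER_TON_TNT * SEISMIC_EFFICIENCY
    return (math.log10(joules) - 4.8) / 1.5


if __name__ == "__main__":
    print("Mag.  Joules     TNT tons   equiv tons  Hiroshimas")
    for m in (3.5, 4.0, 4.2, 4.5, 5.0):
        r = magnitude_row(m)
        print("%.1f   %.3E  %9.1f  %10.0f  %.3f" % (
            m, r["joules"], r["tnt_tons"],
            r["explosion_equiv_tons"], r["hiroshima_bombs"]))
```

Because each magnitude step is a factor of 10^1.5 in energy, roughly 32 times, the uncertainty in the reported magnitude matters far more to the answer than the exact efficiency figure; a 4.0 versus 4.2 reading moves the estimate from about 1 kt to about 2 kt.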

So what North Korea tested was fairly small in these days of megaton devices, but certainly nothing you'd want to be anywhere near.

Microsoft Promised to Guarantee BayStars Investment in SCO ?

The thlot pickens! Groklaw has "IBM's Memo in Support of its Motion for SJ on SCO's Interference Claims" (SJ is summary judgement I believe), and it contains an interesting quote from Lawrence Goldfarb, BayStar Capital's managing partner, about what happened when BayStar invested in SCO after Microsoft introduced them:

“Mr. Emerson and I discussed a variety of investment structures wherein Microsoft would ‘backstop,’ or guarantee in some way, BayStar’s investment…. Microsoft assured me that it would in some way guarantee BayStar’s investment in SCO.”

Apparently Mr Emerson was Microsoft’s “senior VP of corporate development and strategy“, but when BayStar invested things changed:

“Microsoft stopped returning my phone calls and emails, and to the best of my knowledge, Mr. Emerson was fired from Microsoft.”

Richard P. Emerson appears on MSFT's 2002 list of directors, but is absent from the 2003 list.

SpamHaus Lawsuit (Updated)

There's been a lot written about a spammer listed by SpamHaus suing them in the US, but this lawyer's account is worth a read. Basically it looks like SpamHaus made a legal mistake in the way they dealt with the US court:

3. That said, Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company. […] it would have been possible for an attorney to make what is known as a “special appearance” before the court without acknowledging the court’s jurisdiction in the case. Reading the record, I’m puzzled that this wasn’t the strategy Spamhaus’s counsel chose.

4. Unfortunately, since that’s not what happened, Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today).

Most importantly, he says:

9. Finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S. Talk all you want about the evidence that you believe demonstrates e360 is a spammer. Talk about how important Spamhaus is to the functioning of email. But calling the judge stupid doesn’t help the case. Given the record, the judge had little choice other than to do what he did. So far as I can tell, Spamhaus presented no argument that would let him get out of this case, even withdrawing the answer that had been filed from the proceedings.

Anyway, he says a lot more than that so please go and read.

Update: The spammer who is suing SpamHaus is now itself being sued in California on 87 counts of spamming.

LUV (Melbourne Chapter) October General Meeting: Intel Architecture and Hacked Slugs

Paraphrased from the original.

Start: Oct 3 2006 – 19:00
End: Oct 3 2006 – 21:00

Location: The Buzzard Lecture Theatre. Evan Burge Building. Trinity College Main Campus. The University of Melbourne. Parkville. Melways Map: 2B C5.

Intel’s Core Architecture by David Jones

David Jones is a Solutions Specialist with Intel Australia specialising in Server Architecture, working directly with end users such as Westpac Bank, Ludwig Cancer Research, VPAC and others advising on latest technologies available from Intel. David has been with Intel for 10 years and in IT for 20 years, coming from a UNIX background. Today David will introduce Intel’s latest Architecture (Core Architecture) and explain the differences between Hyperthreading and Dual Core technologies.

Hacked slugs, solving all your problems with little NAS boxes by Michael Still

This talk will discuss how to get your own version of Linux running on a Linksys NSLU2, known to the Linux community as a slug. This is a consumer grade network attached storage (NAS) system. These devices are quite inexpensive, are physically small, and run on low voltage DC power. I also discuss how to handle having your firmware flash go bad, and provide some thoughts on projects made possible by these devices. The presentation will also include extra demonstrations of the process of flashing and setting up one of these devices.

Ed: as usual there will be a pre-meeting curry at 6pm

Default ATM Passwords

Dear gods, it's the '80s all over again, only this time with ATMs.

In the operator manual freely available on the Web site of a Canadian reseller, a section titled “Programming” provides the specific key sequence that will pop up a screen on the ATM that asks for the master password. It then lists three default passwords – master, service and operator – that could be used to hijack and possibly rig a machine. (emphasis added)

Let's try this again – default passwords are bad, OK? Sheesh...