Security problem with NVidia driver

Author: Jerome Kieffer
Date:
To: guilde@guilde.asso.fr
Subject: Security problem with NVidia driver

Hi,

Under Linux there seem to be security problems with the NVIDIA drivers,
since "CUDA" lets you see almost all of the system's memory (root or
not) ...


--
Jérôme KIEFFER
http://www.terre-adelie.org


Sent to CCL by: "Alex A Granovsky" [gran+/-classic.chem.msu.su]
Jim,

the issue is very serious as CUDA functionality is built into every
(relatively recent) version of Nvidia graphics drivers for Windows, Linux
and OSX. Moreover, to install the CUDA toolkit (all that is needed to
exploit this bug) one does not need any special privileges, so everybody
having access to a system with Nvidia video drivers running can do this.

After toolkit installation, one just needs to write a simple C program
which calls cudaHostAlloc() to allocate a sufficiently large piece of
pinned memory, and then dump all non-zero content to HDD for later
examination. One can do this in a timely fashion, gathering more and more
information.

As an example, our simplest "proof of concept" program was able to catch
large fragments of files (or even entire files) being written or read by
other users - emails, documents, various system logs, inputs, outputs,
etc... - virtually everything one can imagine to find in the OS file cache
and in the released memory of other programs.

It seems the bug was here from the first days of CUDA. It does not exist
under Windows (my Microsoft contacts pointed out to me that Windows
forcibly zeroes any memory exported to user space so most likely this is
the reason why it is not here), and I have not checked OSX as of yet.

However, every owner of an Nvidia graphics card running Linux and Nvidia
graphics drivers should now consider switching to the Nouveau driver, or
even to GPUs of other vendors (or maybe to Windows OS :) ).

As to Nvidia's response, it was really strange - their point was that if
an application does not like its data to be visible by other
programs/users via this security issue, it should explicitly clear data in
memory before releasing it. This is a really strange and absolutely wrong
idea, moreover, the contents of OS file cache, unused physical memory
etc... cannot be cleared from within user programs at all.

More globally, this is a question of how trustworthy are all proprietary
drivers which are capable of exposing memory into user space.

Alex


----- Original Message -----
From: "Jim Kress ccl_nospam=-=kressworks.com" <owner-chemistry ~~ ccl.net>
To: "Granovsky, Alex, A. " <gran ~~ classic.chem.msu.su>
Sent: Friday, January 07, 2011 6:44 PM
Subject: CCL: CUDA/Linux security hole - serious issue


>
> Sent to CCL by: "Jim Kress" [ccl_nospam#%#kressworks.com]
> This appears to be a serious security issue that must be addressed by
> Nvidia. What has been their response?
>
> Have other members of the CCL noticed this serious issue and/or received
> support from Nvidia?
>
> Jim
>
> > -----Original Message-----
> > From: owner-chemistry+ccl_nospam==kressworks.com%x%ccl.net
> > [mailto:owner-chemistry+ccl_nospam==kressworks.com%x%ccl.net] On Behalf Of
> > Alex A Granovsky gran%x%classic.chem.msu.su
> > Sent: Thursday, January 06, 2011 9:17 AM
> > To: Kress, Jim
> > Subject: CCL: CUDA/Linux security hole
> >
> >
> > Sent to CCL by: "Alex A Granovsky" [gran(!)classic.chem.msu.su]
> > Dear CCLers,
> >
> > I'd like to draw your attention to the two recent posts on the
> > Firefly's QC discussion forum:
> >
> > http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
> >
> > http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
> >
> > The reason is not the Firefly package itself, nor is it the announcement
> > of availability of the Linux/CUDA enabled Firefly version. The actual
> > reason is the very important security hole we found a couple of days ago
> > in Linux CUDA drivers. This hole is described in the two posts mentioned
> > above, and the only available workaround we know right now is to
> > completely disable CUDA drivers on all multi-user Linux systems and
> > clusters.
> >
> > Kind regards,
> >
> > Alex Granovsky,
> > Firefly Project.




-= This is automatically added to each message by the mailing script =-
To recover the email address of the author of the message, please change
the strange characters on the top line to the @ sign. You can also
look up the X-Original-From: line in the mail header.
