Ubuntu
nvidia-graphics-drivers package

/dev/nvidia* is world writable

Bug #979307 reported by Kees Cook on 2012-04-11

272

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	nvidia-graphics-drivers (Ubuntu)	Triaged	High	Unassigned

Bug Description

leaving /dev/nvidia* world-writable exposes systems to future vulnerabilities even from remote users. This file should be limited to the console user instead (usually done with dynamic file ACLs).

Kees Cook (kees) on 2012-04-11

visibility:

private → public

Revision history for this message

Alex Murray (alexmurray) wrote on 2012-04-12:

More info here: http://nvidia.custhelp.com/app/answers/detail/a_id/3109

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-04-12:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nvidia-graphics-drivers (Ubuntu):
status:	New → Confirmed

Revision history for this message

Maarten Lankhorst (mlankhorst) wrote on 2012-05-03:

Easy workaround would be to change /lib/udev/rules.d/50-udev-default.rules :

KERNEL=="nvidia*|nvidiactl*", GROUP="video", MODE="0660"

However that requires current user to be in the video group, and that will probably cause a lot of issues on its own, since by default users are not part of the video group, and probably not a change you want to push except in a next major release.

Bryce Harrington (bryce) on 2012-05-07

Changed in nvidia-graphics-drivers (Ubuntu):
status:	Confirmed → Triaged
importance:	Undecided → High

Marc Deslauriers (mdeslaur) on 2012-06-20

Changed in nvidia-graphics-drivers (Ubuntu):
assignee:	nobody → Marc Deslauriers (mdeslaur)

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-06-20:

How about adding nvidia* to /lib/udev/rules.d/70-udev-acl.rules and getting permissions added by consolekit?

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-06-20:

OK, using udev doesn't work, as the device nodes and permissions are created by the binary driver when X starts.

See:
http://us.download.nvidia.com/XFree86/Linux-x86/295.59/README/faq.html

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2012-08-01:

Some info here:

http://www.openwall.com/lists/oss-security/2012/08/01/9

Marc Deslauriers (mdeslaur) on 2012-10-15

Changed in nvidia-graphics-drivers (Ubuntu):
assignee:	Marc Deslauriers (mdeslaur) → nobody

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntunvidia-graphics-drivers package

/dev/nvidia* is world writable

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
nvidia-graphics-drivers package