Yes, direct rendering requires user access to the device nodes. (Indirect rendering does not.) Restricting device node write access to root would still allow X and indirect rendering to work, provided that X runs as root.
Users who wish to run CUDA/OpenCL applications would also need write access to the device nodes.
We're investigating strategies to block this exploit on the driver end. We're having another internal meeting about this tonight; I'll make it one of the agenda items to discuss other potential workarounds that don't require a driver change.
Since this is an existing vulnerability, how does it impact the release schedule for Precise, if at all, given that previous releases are equally affected? This is obviously a high-priority issue for NVIDIA; for our tracking purposes, I just wanted to know how urgent this is on your end.