upstream compiled binaries built without stack flags

Bug #409456 reported by Kees Cook
Affects | Status | Importance | Assigned to | Milestone
nvidia-graphics-drivers-173 (Ubuntu) | Fix Released | Medium | Alberto Milone |
nvidia-graphics-drivers-180 (Ubuntu) | Fix Released | Medium | Alberto Milone |
nvidia-graphics-drivers-71 (Ubuntu) | Invalid | Undecided | Unassigned |
nvidia-graphics-drivers-96 (Ubuntu) | Fix Released | Medium | Alberto Milone |

Bug Description

In Karmic (and earlier) the following binaries are compiled without stack flags, which results in an executable stack on i386, and should be fixed[1]:
pool/restricted/n/nvidia-graphics-drivers-180/nvidia-180-libvdpau_185.18.14-0ubuntu3_i386.deb
 /usr/lib/libvdpau.so.185.18.14
 /usr/lib/libvdpau_trace.so.185.18.14
 /usr/lib/libvdpau_nvidia.so.185.18.14
pool/restricted/n/nvidia-graphics-drivers-71/nvidia-glx-71_71.86.08-0ubuntu1_i386.deb
 /usr/lib/libnvidia-tls.so.71.86.08
 /usr/lib/libGLcore.so.71.86.08
 /usr/lib/libGL.so.71.86.08
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/xorg/modules/extensions/libglx.so.71.86.08
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.71.86.08
 /usr/lib/libXvMCNVIDIA.so.71.86.08
pool/restricted/n/nvidia-graphics-drivers-173/nvidia-glx-173_173.14.16-0ubuntu1_i386.deb
 /usr/lib/libXvMCNVIDIA.so.173.14.16
 /usr/lib/libGLcore.so.173.14.16
 /usr/lib/libcuda.so.173.14.16
 /usr/lib/libGL.so.173.14.16
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/libnvidia-cfg.so.173.14.16
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/xorg/modules/extensions/libglx.so.173.14.16
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.173.14.16
 /usr/lib/libnvidia-tls.so.173.14.16
pool/restricted/n/nvidia-graphics-drivers-96/nvidia-glx-96_96.43.10-0ubuntu1_i386.deb
 /usr/bin/nvidia-xconfig
 /usr/lib/libXvMCNVIDIA.so.96.43.10
 /usr/lib/libGL.so.96.43.10
 /usr/lib/nvidia/libnvidia-cfg.so.96.43.10
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/libGLcore.so.96.43.10
 /usr/lib/xorg/modules/extensions/libglx.so.96.43.10
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.96.43.10
 /usr/lib/libnvidia-tls.so.96.43.10
pool/restricted/n/nvidia-graphics-drivers-180/nvidia-glx-180_185.18.14-0ubuntu3_i386.deb
 /usr/bin/nvidia-xconfig
 /usr/lib/libcuda.so.185.18.14
 /usr/lib/libGL.so.185.18.14
 /usr/lib/libXvMCNVIDIA.so.185.18.14
 /usr/lib/libGLcore.so.185.18.14
 /usr/lib/nvidia/libnvidia-cfg.so.185.18.14
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/libnvidia-tls.so.185.18.14
 /usr/lib/xorg/modules/extensions/libglx.so.185.18.14
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.185.18.14

These binaries should either be built correctly, or have their stack markings forced to be disabled, using "execstack -c $target" during the build process (though this would require a trivial MIR for the "prelink" source package to get "execstack" for the build).

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

Tags: karmic
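
Added example, not part of the original report or of the Ubuntu packaging: a check a build or audit job could run on each shipped binary to see how its stack is marked, by reading the PT_GNU_STACK program header directly. It distinguishes the case the report describes (no marking at all, which i386 treats as an executable stack) from an explicit marking. The function names `stack_marking` and `sample_elf32` and the sample ELF bytes are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program header type carrying the stack marking
PF_X = 0x1                  # "execute" permission bit in p_flags

def stack_marking(elf: bytes) -> str:
    """Return 'executable', 'non-executable' or 'unmarked' for an ELF image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = elf[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"   # EI_DATA: 1 = little endian
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        flags_off = 4                   # p_flags follows p_type in Elf64_Phdr
    else:
        e_phoff, = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        flags_off = 24                  # p_flags is the 7th word of Elf32_Phdr
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", elf, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", elf, base + flags_off)
            return "executable" if p_flags & PF_X else "non-executable"
    # No PT_GNU_STACK header: the binary was built without stack flags,
    # which is the condition this bug report is about.
    return "unmarked"

def sample_elf32(stack_flags=None) -> bytes:
    """Constructed i386 ELF header with zero or one PT_GNU_STACK entry."""
    phdrs = b"" if stack_flags is None else struct.pack(
        "<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)   # ELF32, LSB, version 1
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0,
                               52, 32, len(phdrs) // 32, 40, 0, 0)
    return ehdr + phdrs

if __name__ == "__main__":
    for label, flags in (("RWE", 7), ("RW", 6), ("no header", None)):
        print(label, "->", stack_marking(sample_elf32(flags)))
```

A packaging check would fail the build on either "executable" or "unmarked" for i386 binaries, since both leave the stack executable there.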
Kees Cook (kees)
description: updated
Bryce Harrington (bryce)
tags: added: karmic
Alan Pope 🍺🐧🐱 🦄 (popey) wrote :

Using the 185 driver on AMD64 from Kees PPA as per the mail to -devel. Works fine:-

OpenGL vendor string: NVIDIA Corporation
OpenGL renderer string: GeForce 7900 GT/GTO/PCI/SSE2
OpenGL version string: 2.1.2 NVIDIA 185.18.36

Greg Grossmeier (greg.grossmeier) wrote :

Using amd64 versions of nvidia-185-modaliases (185.18.36-0ubuntu2~kees3) and fglrx-modaliases (2:8.632-0ubuntu2~kees1)

Working fine on nVidia Corporation NV44 [GeForce 7100 GS] (rev a1)

Tim Frost (timfrost) wrote :

nvidia-173 fails with DKMS errors on 64-bit:
Setting up nvidia-173-kernel-source (173.14.16-0ubuntu2~kees2) ...
Removing all DKMS Modules
Done.
Adding Module to DKMS build system
driver version= 173.14.16
Doing initial module build

Error! Bad return status for module build on kernel: 2.6.31-8-generic (x86_64)
Consult the make.log in the build directory
/var/lib/dkms/nvidia/173.14.16/build/ for more information.
Installing initial module

Error! Could not locate nvidia.ko for module nvidia in the DKMS tree.
You must run a dkms build for kernel 2.6.31-8-generic (x86_64) first.
Done.

Changed in nvidia-graphics-drivers-173 (Ubuntu):
status: New → Triaged
Changed in nvidia-graphics-drivers-180 (Ubuntu):
status: New → Triaged
Changed in nvidia-graphics-drivers-96 (Ubuntu):
status: New → Triaged
Changed in nvidia-graphics-drivers-71 (Ubuntu):
status: New → Invalid
Changed in nvidia-graphics-drivers-180 (Ubuntu):
importance: Undecided → Medium
Changed in nvidia-graphics-drivers-173 (Ubuntu):
importance: Undecided → Medium
Changed in nvidia-graphics-drivers-96 (Ubuntu):
importance: Undecided → Medium
Changed in nvidia-graphics-drivers-173 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-180 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-96 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-173 (Ubuntu):
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-180 (Ubuntu):
status: Triaged → In Progress
Changed in nvidia-graphics-drivers-96 (Ubuntu):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-96 - 96.43.13-0ubuntu3

---------------
nvidia-graphics-drivers-96 (96.43.13-0ubuntu3) karmic; urgency=low

  [ Alberto Milone ]
  * debian/control, debian/control.in:
    - Change the section of the -modaliases package to "admin" as the package
      is not "restricted" (LP: #429153).

  [ Kees Cook ]
  * debian/control.in:
    - Add build dependency on execstack.
  * debian/rules:
    - Drop executable stack markings from precompiled binaries (LP: #409456).

 -- Alberto Milone <email address hidden> Fri, 25 Sep 2009 18:31:06 +0200

Changed in nvidia-graphics-drivers-96 (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-173 - 173.14.20-0ubuntu2

---------------
nvidia-graphics-drivers-173 (173.14.20-0ubuntu2) karmic; urgency=low

  [ Alberto Milone ]
  * debian/control, debian/control.in:
    - Change the section of the -modaliases package to "admin" as the package
      is not "restricted" (LP: #429153).

  [ Kees Cook ]
  * debian/control.in:
    - Add build dependency on execstack.
  * debian/rules:
    - Drop executable stack markings from precompiled binaries (LP: #409456).

 -- Alberto Milone <email address hidden> Fri, 25 Sep 2009 18:15:44 +0200

Changed in nvidia-graphics-drivers-173 (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-180 - 185.18.36-0ubuntu4

---------------
nvidia-graphics-drivers-180 (185.18.36-0ubuntu4) karmic; urgency=low

  [ Alberto Milone ]
  * debian/control, debian/control.in:
    - Change the section of the -modaliases package to "admin" as the package
      is not "restricted" (LP: #429153).
    - Add the lpia architecture to the -185 packages.

  [ Kees Cook ]
  * debian/control.in:
    - Add build dependency on execstack.
  * debian/rules:
    - Drop executable stack markings from precompiled binaries (LP: #409456).

 -- Alberto Milone <email address hidden> Thu, 08 Oct 2009 16:42:13 +0200

Changed in nvidia-graphics-drivers-180 (Ubuntu):
status: In Progress → Fix Released