* [gentoo-hardened] CUDA
@ 2011-11-12 19:11 Radosław Smogura
2011-11-12 20:37 ` Matt Thode
0 siblings, 1 reply; 4+ messages in thread
From: Radosław Smogura @ 2011-11-12 19:11 UTC (permalink / raw
To: gentoo-hardened
Hello,
May I ask if nvidia is still hardend unfriendly? I need CUDA available.
Alternativly may I get what is wrong with this driver, I may check new
versions with CUDA.
Regrads,
Radek
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-hardened] CUDA
2011-11-12 19:11 [gentoo-hardened] CUDA Radosław Smogura
@ 2011-11-12 20:37 ` Matt Thode
2011-11-13 16:15 ` Alex Efros
0 siblings, 1 reply; 4+ messages in thread
From: Matt Thode @ 2011-11-12 20:37 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 496 bytes --]
On Nov 12, 2011, at 1:11 PM, Radosław Smogura wrote:
> Hello,
>
> May I ask if nvidia is still hardend unfriendly? I need CUDA available.
> Alternativly may I get what is wrong with this driver, I may check new
> versions with CUDA.
>
> Regrads,
> Radek
>
nvidia drivers still don't play well yet.
There are ways to get it working (some people have) but I don't know what exactly they did (I know they paxmarked everything nvidia touches (I think -m).
-- Matthew Thode
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 881 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-hardened] CUDA
2011-11-12 20:37 ` Matt Thode
@ 2011-11-13 16:15 ` Alex Efros
2011-11-13 19:05 ` Pavel Labushev
0 siblings, 1 reply; 4+ messages in thread
From: Alex Efros @ 2011-11-13 16:15 UTC (permalink / raw
To: gentoo-hardened
Hi!
On Sat, Nov 12, 2011 at 02:37:40PM -0600, Matt Thode wrote:
> > May I ask if nvidia is still hardend unfriendly? I need CUDA available.
> nvidia drivers still don't play well yet.
>
> There are ways to get it working (some people have) but I don't know what exactly they did (I know they paxmarked everything nvidia touches (I think -m).
Actually it sounds much worse than it is. Usually it's enough to paxctl -m
only few binaries: Xorg, mplayer and vmware-vmx.
I'm using CUDA only for "flacuda" encoder, which is .NET's .exe executed by
dev-lang/mono (which is already paxmarked by default).
On my hardened/nvidia workstation there are several other binaries needs -m,
but this probably have nothing with nvidia/CUDA: air-sdk, amarok, firefox.
P.S. I'm pretty sure it's much better to have full-featured (including
accelerated 3D and CUDA) hardened workstation with partially relaxed
protection on some binaries, than full-featured non-hardened workstation
or hardened workstation without these (important for workstation) features.
And I don't understood why you didn't add few paxmarking commands into
several ebuilds and just say nvidia on hardened is supported out of box...
instead of pretending there are some unknown critical issues with nvidia
on hardened. I don't know, maybe there are some applications which are
really have some issues, but I'm running more or less usual hardened
workstation with nvidia for years without any issues except needs in few
paxmarking mentioned above.
--
WBR, Alex.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-hardened] CUDA
2011-11-13 16:15 ` Alex Efros
@ 2011-11-13 19:05 ` Pavel Labushev
0 siblings, 0 replies; 4+ messages in thread
From: Pavel Labushev @ 2011-11-13 19:05 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 1167 bytes --]
14.11.2011 00:15, Alex Efros пишет:
> P.S. I'm pretty sure it's much better to have full-featured (including
> accelerated 3D and CUDA) hardened workstation with partially relaxed
> protection on some binaries, than full-featured non-hardened workstation
> or hardened workstation without these (important for workstation) features.
http://www.securiteam.com/unixfocus/6A00E20H5A.html
"There have been multiple public reports of this NVIDIA bug on the NVNews
forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA's first public
acknowledgement of this bug was on July 7th, 2006. In a public posting [1]
on the NVNews forum, an NVIDIA employee reported having reproduced the
problem, assigned it bug ID 239065, and promised a fix would be forthcoming.
As of the publication date, the latest NVIDIA binary driver is still
vulnerable. Furthermore, it is our opinion that NVIDIA's binary driver
remains an unacceptable security risk based on the large numbers of
reproducible, unfixed crashes that have been reported in public forums and
bug databases. This number does not include bugs reported directly to NVIDIA."
Suit yourself.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-11-13 19:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-12 19:11 [gentoo-hardened] CUDA Radosław Smogura
2011-11-12 20:37 ` Matt Thode
2011-11-13 16:15 ` Alex Efros
2011-11-13 19:05 ` Pavel Labushev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox