public inbox for gentoo-user@lists.gentoo.org
From: "Richard Fish" <bigfish@asmallpond.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] nvidia-kernel p.masked by hardened profile
Date: Tue, 11 Jul 2006 19:08:52 -0700
Message-ID: <7573e9640607111908x36bc0ecev2a9bb52a46925581@mail.gmail.com>
In-Reply-To: <20060711224827.GA32071@princeton.edu>

On 7/11/06, Willie Wong <wwong@princeton.edu> wrote:
>  1. nv still doesn't do 3D acceleration, right?

Yes.

>  2. Is there more information about what "more harm than good" means?
>    I tried googling but the only thing I found was a commit log on
>    solar's website with a one-liner about p.masking nvidia-kernel. I
>    want to know what kind of problems that nvidia drivers incur so I
>    can decide whether to give up 3D acceleration, the hardened
>    profile, or ignore solar's advice and unmask the packages.

Well, see what the hardened handbook has to say about binary drivers and x.org:
http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml#doc_chap4

I also found this bug:
http://bugs.gentoo.org/show_bug.cgi?id=139047

There may also be a valid security concern with binary-only kernel
modules: since they cannot be audited for security, one should assume
that they are horribly insecure.  Any exploit here could compromise
the entire system, so one could argue they are totally inappropriate
for a 'hardened' system.

>  3. Is this (the fact that I am running a hardened profile) the reason
>    that if I 'emerge --pretend --update xorg-x11 --verbose', among the
>    list of VIDEO_CARDS options displayed, I do not see nvidia?

That is correct.  video_cards_nvidia is in the hardened profile's use.mask.

-Richard
-- 
gentoo-user@gentoo.org mailing list


