From: "Richard Fish"
To: gentoo-user@lists.gentoo.org
Date: Tue, 11 Jul 2006 19:08:52 -0700
Subject: Re: [gentoo-user] nvidia-kernel p.masked by hardened profile
Message-ID: <7573e9640607111908x36bc0ecev2a9bb52a46925581@mail.gmail.com>
In-Reply-To: <20060711224827.GA32071@princeton.edu>

On 7/11/06, Willie Wong wrote:
> 1. nv still doesn't do 3D acceleration, right?

Yes.

> 2. Is there more information about what "more harm than good" means?
> I tried googling but the only thing I found was a commit log on
> solar's website with a one-liner about p.masking nvidia-kernel. I
> want to know what kind of problems that nvidia drivers incur so I
> can decide whether to give up 3D acceleration, the hardened
> profile, or ignore solar's advice and unmask the packages.

Well, see what the hardened handbook has to say about binary drivers
and x.org:

http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml#doc_chap4

I also found this bug:

http://bugs.gentoo.org/show_bug.cgi?id=139047

There may also be a valid security concern with binary-only kernel
modules: since they cannot be audited for security, one should assume
that they are horribly insecure. Any exploit here could compromise the
entire system, so one could argue they are totally inappropriate for a
'hardened' system.

> 3. Is this (the fact that I am running a hardened profile) the reason
> that if I 'emerge --pretend --update xorg-x11 --verbose', among the
> list of VIDEO_CARDS options displayed, I do not see nvidia?

That is correct. video_cards_nvidia is in the hardened profile's use.mask.

-Richard
--
gentoo-user@gentoo.org mailing list
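
The use.mask lookup described in the last answer, as an added example that is not part of the original message: it walks a profile's `parent` chain and reports which profile directory masks each USE flag. The sample tree and its profile names are constructed, and the resolver is a simplification that reads only `parent` and `use.mask`.

```python
import os, tempfile

def read_entries(path):
    """Return the non-blank, non-comment lines of a profile file ([] if absent)."""
    if not os.path.isfile(path):
        return []
    with open(path) as fh:
        return [e for e in (ln.split("#", 1)[0].strip() for ln in fh) if e]

def profile_chain(profile_dir, seen=None):
    """Yield profile directories parents-first by following each 'parent' file."""
    seen = set() if seen is None else seen
    real = os.path.realpath(profile_dir)
    if real in seen:              # already visited: a bad parent file cannot loop
        return
    seen.add(real)
    for rel in read_entries(os.path.join(real, "parent")):
        yield from profile_chain(os.path.join(real, rel), seen)
    yield real

def masked_use_flags(profile_dir):
    """Map each masked USE flag to the profile directory that masks it."""
    masked = {}
    for directory in profile_chain(profile_dir):
        for entry in read_entries(os.path.join(directory, "use.mask")):
            if entry.startswith("-"):
                masked.pop(entry[1:], None)   # "-flag" lifts a mask set by a parent
            else:
                masked[entry] = directory
    return masked

def build_sample_tree(root):
    files = {  # constructed sample tree; profile names and example_flag are hypothetical
        "base/use.mask": "# constructed sample\nexample_flag\n",
        "hardened/parent": "../base\n",
        "hardened/use.mask": "video_cards_nvidia\n",
        "hardened/local/parent": "..\n",
        "hardened/local/use.mask": "-video_cards_nvidia\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return os.path.join(root, "hardened")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(masked_use_flags(build_sample_tree(tmp)))
```

The `hardened/local` child in the sample shows the case the reply warns about: a `-video_cards_nvidia` entry lower in the chain silently removes the mask, so an audit should resolve the whole chain rather than read one file.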