NVIDIA - Dangerous folder permissions

Discussion in 'other software & services' started by wat0114, May 17, 2013.

Thread Status:
Not open for further replies.
  1. wat0114

    Using AccessEnum to look for potentially dangerous permissions on user directories, NVIDIA looks to have the worst I could find :eek: The one with no permissions is something I've never seen before. I've updated Jetico's Process Attack filter to address these and a few other candidates.
     


  2. funkydude

    I doubt they will care much, in the past they haven't taken security very seriously until some news article reports on it.
     
  3. wat0114

    Yeah, I'd be surprised if they addressed it. It's up to the end user, I guess :(
     
  4. merisi

    I quite resent all the web plugins that Nvidia tries to push and how it leaves so many processes up and running. I think Linus Torvalds said it best when it comes to Nvidia.
     
  5. m00nbl00d

    I remember when I had to make a fuss about my bank last year. That's all it took to make them take security seriously. It was/is a big bank. I'm pretty sure you can make Nvidia look bad as well. ;)

    I'm actually thinking someone - running a popular tech/security blog/website - could make a link between Nvidia's lack of security and home banking insecurity. :D

    Internet will take care of the rest over time. If people start to link Nvidia to a possible bank account breach, who knows. ;)
     
  6. Mman79

    NVIDIA does have a lot of processes, but I don't honestly see all these web plugins you refer to. I'm not one to care what Linus has to say, as he's quite known to spew the BS just as well as any other person and really doesn't deserve the god-like status he's been given. Nor should he forget that, despite its flaws, NVIDIA was supporting Linux when ATI was flipping it the bird.

    Speaking of ATI, their security record isn't clean enough to eat off of either. Both companies have been lackluster and at times quite lazy.
     
  7. wat0114

    Right, someone with enough clout could probably influence Nvidia to fix the problem. From my pov it's just a reminder to check directories now and again for permissions weaknesses, then take the necessary steps to address them. There are several of them that are overly permissive.
     
  8. merisi

    Luckily I've managed to remove them, you have the option to add them and the way it was phrased in the installation it makes you feel you should have them. There used to be three plugins on all my browsers, one was something to do with 3D. I did a reinstall a couple of months ago and realised they weren't needed. I do wish that Nvidia (and others) would look to do something about security issues rather than pretend they're not there until they become the next target for attack.

    As for Linus' comment it was what he said here that I was alluding to. I meant it as more of a throwaway comment.
     
  9. Mrkvonic

    I don't see a problem.
    If someone can enumerate your system, you have bigger issues.
    Mrk
     
  10. m00nbl00d

    You don't see a problem in what?
     
  11. Mrkvonic

    What Everyone can access folder ... no. Why. If there's an escalation of privilege that can access a system folder, then I have a bigger problem than folder permissions. Regardless of permissions, something needs to run. If it doesn't run, no harm done.
    Mrk
     
  12. wat0114

    The problem I see with it, and just to be clear I'm not paranoid over it, but it's a problem nonetheless, is that the permissions are way over liberal. It's sloppiness and maybe even laziness on Nvidia's part. Either one of the directories, especially the one with no permissions assigned to it, could be used as a convenient and ideal launch pad for malware to write to and execute from. Of course there are other directories that also provide this sort of convenience, such as the c:\users\* and c:\Windows\Temp (check under special permissions for this one) and one will see the potential dangers the relaxed permissions on them present.

    Absolutely, agreed. This is why I'm a proponent of anti-executables. These non-protected directories and others like them that allow users to write to and execute from need full time surveillance :)
     
  13. m00nbl00d

    I initially thought it was Program Files. :argh: It's Program Data.

    A standard/limited user can write to Program Data just fine. I could anyway. lol
     
  14. m00nbl00d

    Now, imagine that every developer did that, including in Program Files/Windows directory? I had such an example with my ISP software. o_O
     
  15. wat0114

    Yeah, besides the Group/User permissions that allow to read and execute, there's a "special permissions" category as well, at least in my case, that allows users to create files and folders and write data and attributes, append data.

    AccessEnum is a pretty handy tool to find these weak directories, except I don't see a column that shows executable rights.

    Right, it's just that the Full control for Everyone and no permissions on the other folder are worse than what's usually seen under ProgramData.
     
    Last edited: May 19, 2013
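
The check discussed in this thread can also be scripted so that write and execute rights appear side by side. The following is an added example, not code from any poster or from AccessEnum; the default root folder, the list of "broad" principals and the function name `Get-WeakFolderAce` are assumptions chosen for illustration.

```powershell
# Added example, not code from the thread. $Root and the "broad" principal list are assumptions.
param([string]$Root = $env:ProgramData)

# Bits that allow creating or writing files, and the execute/traverse bit.
# Generic rights are included because inherit-only ACEs are often stored in that form.
$WriteMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000   # WriteData, AppendData, GENERIC_WRITE, GENERIC_ALL
$ExecMask  = 0x20 -bor 0x20000000 -bor 0x10000000           # ExecuteFile, GENERIC_EXECUTE, GENERIC_ALL

# Well-known SIDs, so the match does not depend on the Windows display language.
$Broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$SidType = [System.Security.Principal.SecurityIdentifier]

function Get-WeakFolderAce {
    param([Parameter(Mandatory)][string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { return }                                   # ACL not readable by the current user: skip
    $rules = @($acl.GetAccessRules($true, $true, $SidType))
    if ($rules.Count -eq 0) {
        # Folder lists no access entries at all: report it for manual review.
        [pscustomobject]@{ Path = $Path; Principal = '(no entries)'; Write = $null
                           Execute = $null; Inherited = $null }
        return
    }
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -ne 'Allow' -or -not $Broad.ContainsKey($sid)) { continue }
        $bits = [int]$r.FileSystemRights
        if (($bits -band $WriteMask) -eq 0) { continue }   # only ACEs that allow writing
        [pscustomobject]@{
            Path      = $Path
            Principal = $Broad[$sid]
            Write     = $true
            Execute   = (($bits -band $ExecMask) -ne 0)
            Inherited = $r.IsInherited
        }
    }
}

$folders = @($Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
$folders | ForEach-Object { Get-WeakFolderAce -Path $_ } | Sort-Object Path | Format-Table -AutoSize
```

The output lists access entries as stored on each folder, not effective access: deny entries are not evaluated, so a flagged folder still needs a manual look before its permissions are changed.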