|
|
|
|
|
|
by ryuuchin
3611 days ago
|
|
|
> That implies running Windows, though. Indeed. My knowledge on Linux is pretty limited but I seem to remember that Nvidia fixed something which let you use Pax/grsecurity protections you otherwise couldn't. This still implies loading a binary blob but certain kernel protections could still help you IIRC (DEP?). I could be misremembering. I can't check since grsecurity set their twitter to protected. I'm not sure what Chrome does aside from having a separate GPU process and whether or not any sanitizing takes place. They're pretty good with stuff like that so it would surprise me if some amount of protection wasn't offered. Edit: There are some patches from the Pax folks for Nvidia drivers which I believe help with PAX_USERCOPY[1][2]? Although that may just be for getting it working... [1] https://grsecurity.net/~paxguy1/ [2] https://grsecurity.net/~paxguy1/nvidia-drivers-367.35-pax.pa... (example) |
|
|
(Indeed, I have to use those patches otherwise the nvidia kernel module wouldn't compile)