I was doing a little research on my ATI 3D RAGE PRO video card and found this:
http://dri.freedesktop.org/wiki/ATIMach ... ryHardware
ATI video drivers from DRI are not secure
ATI video drivers from DRI are not secure
The truth is out there.
You should not panic about that.
Most of these buffer overflow-errors are just relevant in a "laboratoriuos" situation.
In the wild, you have almost no programs that use them for an attack.
Also, you had to install such a program like this.
As puppy is a kind of "universe in itself" with its own packagemanagement, there is small danger of getting infected programs.
For Linux as such, you usually just find rootkits (trojans), that are purposed to infect machines running as puplic servers.
On Desktopsystems you usually won't find viruses, as most Linuxsystems don't run as root and like this are not attractive, also the inhomogeneus situation between different distros makes it difficult to spread malicious code.
Another point is the "repository-system".
For example each Debian-package has a "maintainer".
If something malicious would be found, he would remove or update the package.
Different to Windows-programs, programs are not available on a variety of Shareware or even worse Cracker-sites, but just in maintained repositories.
Mark
Most of these buffer overflow-errors are just relevant in a "laboratoriuos" situation.
In the wild, you have almost no programs that use them for an attack.
Also, you had to install such a program like this.
As puppy is a kind of "universe in itself" with its own packagemanagement, there is small danger of getting infected programs.
For Linux as such, you usually just find rootkits (trojans), that are purposed to infect machines running as puplic servers.
On Desktopsystems you usually won't find viruses, as most Linuxsystems don't run as root and like this are not attractive, also the inhomogeneus situation between different distros makes it difficult to spread malicious code.
Another point is the "repository-system".
For example each Debian-package has a "maintainer".
If something malicious would be found, he would remove or update the package.
Different to Windows-programs, programs are not available on a variety of Shareware or even worse Cracker-sites, but just in maintained repositories.
Mark
-
tempestuous
- Posts: 5464
- Joined: Fri 10 Jun 2005, 05:12
- Location: Australia
When first made available on MU's site, I did point out that this driver is "insecure" -
http://www.murga.org/%7Epuppy/viewtopic ... c&start=48
... it's good that MU has now explained what this really means.
To install the mach64 driver, you need to install these packages -
http://dotpups.de/dotpups/XServer/DRI-Kernelmodules.pup
http://noforum.de/dotpups/X11R6addons/d ... driver.pup
http://noforum.de/dotpups/X11R6addons/OpenGL.pup
Modify your xorg.conf with an editor - in Section "Module" check that Load "dbe" and Load "glx" are there. Add this line -
Load "dri"
Your DRI/DRM module needs to be loaded with this command "install-DRI mach64", then restart the Xserver.
Or you can add this command to /root/.etc/rc.d/rc.local, and the Xserver will launch with functional DRI.
http://www.murga.org/%7Epuppy/viewtopic ... c&start=48
... it's good that MU has now explained what this really means.
To install the mach64 driver, you need to install these packages -
http://dotpups.de/dotpups/XServer/DRI-Kernelmodules.pup
http://noforum.de/dotpups/X11R6addons/d ... driver.pup
http://noforum.de/dotpups/X11R6addons/OpenGL.pup
Modify your xorg.conf with an editor - in Section "Module" check that Load "dbe" and Load "glx" are there. Add this line -
Load "dri"
Your DRI/DRM module needs to be loaded with this command "install-DRI mach64", then restart the Xserver.
Or you can add this command to /root/.etc/rc.d/rc.local, and the Xserver will launch with functional DRI.
