yuezk
May 23, 2022, 8:46am
1
I’m using Nvidia Linux driver 510.73.05 and found that the nvidia-dbus.conf contains the following configuration:
<allow send_requested_reply="true"/>
<allow receive_requested_reply="true"/>
This allows all the dbus services on the OS to be called without explicit permissions.
BTW, dbus itself has had the same security issue before, see 18229 – send_requested_reply="true" allows all non-reply messages for details.
1 Like
birdie
May 24, 2022, 11:07am
2
I have NVIDIA drivers 510.73.05 installed and I don’t have this file. Could it come from your distro/packager?
yuezk
May 24, 2022, 3:27pm
3
The absolute path is /usr/share/dbus-1/system.d/nvidia-dbus.conf.
I’m using the package from the Arch community repo.
But you can find the nvidia-dbus.conf if you extract the driver downloaded from
https://www.nvidia.com/Download/driverResults.aspx/188994/en-us
birdie
May 24, 2022, 10:09pm
4
I have a full installation, the file is not here.
yuezk
May 24, 2022, 11:44pm
5
The absolute path on my system is /usr/share/dbus-1/system.d/nvidia-dbus.conf. I posted the wrong path in my previous reply.
I downloaded NVIDIA-Linux-x86_64-510.73.05.run from the official download site and extracted it with the command sh ./NVIDIA-Linux-x86_64-510.73.05.run --extract-only, and then I found the nvidia-dbus.conf inside the extracted folder.
~/Downloads/NVIDIA-Linux-x86_64-510.73.05
❯ ls -lh nvidia-dbus.conf
-rw-r--r-- 1 kevin kevin 254 5月 7日 13:17 nvidia-dbus.conf
~/Downloads/NVIDIA-Linux-x86_64-510.73.05
❯ cat nvidia-dbus.conf
<busconfig>
<type>system</type>
<policy context="default">
<allow own="nvidia.powerd.client"/>
<allow own="nvidia.powerd.server"/>
<allow send_requested_reply="true"/>
<allow receive_requested_reply="true"/>
</policy>
</busconfig>
I will try to install it in a VM to see whether the official driver would install the nvidia-dbus.conf or not.
find / -xdev -type f | grep dbus | grep nvidia
./usr/share/doc/NVIDIA_GLX-1.0/nvidia-dbus.conf
Only in docs and it’s not used. Also this file does not match what you’ve got installed. Blame your packager.
yuezk
May 25, 2022, 11:00am
7
unsr
May 25, 2022, 6:37pm
8
It’s part of the Dynamic Boost feature,
https://download.nvidia.com/XFree86/Linux-x86_64/510.73.05/README/dynamicboost.html
Even if it’s not present by default it still needs to be implemented in a secure way.
yuezk
May 29, 2022, 10:00am
10
As others have already mentioned, it’s part of the Dynamic Boost feature as stated in the docs, so no matter if a packager installs the file or the official docs advise people to do so (to my understanding the docs are also the main source for packagers), the outcome would be the same, and the issue has to be fixed on the nvidia side to ship a sane nvidia-dbus.conf with their installer which does not implicate any security issues. Note: On Exherbo Linux our nvidia-drivers package also installed this file (due to this issue temporarily disabled …)
FYI, this should be addressed by the latest round of NVIDIA driver security releases: Security Bulletin: NVIDIA GPU Display Driver - August 2022 | NVIDIA
This issue was assigned CVE-2022-31608.
I think the proper content for nvidia-dbus.conf is:
<busconfig>
<type>system</type>
<policy context="default">
<allow own="nvidia.powerd.client"/>
<allow own="nvidia.powerd.server"/>
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
<allow receive_requested_reply="true" receive_type="method_return"/>
<allow receive_requested_reply="true" receive_type="error"/>
<allow send_destination="nvidia.powerd.server"/>
<allow receive_sender="nvidia.powerd.client"/>
</policy>
</busconfig>
2 Likes
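An audit check for the pattern discussed in this thread, as an added example (not code from any poster or from NVIDIA): it flags `<allow>` rules that set `send_requested_reply` or `receive_requested_reply` without narrowing the matching `*_type` to `method_return` or `error`, which is the condition the referenced dbus bug describes. The function name and the narrowing heuristic are assumptions of this example; the two sample policies are the ones quoted above.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed inputs: the two policy bodies quoted in this thread.
SHIPPED = """<busconfig>
<type>system</type>
<policy context="default">
<allow own="nvidia.powerd.client"/>
<allow own="nvidia.powerd.server"/>
<allow send_requested_reply="true"/>
<allow receive_requested_reply="true"/>
</policy>
</busconfig>"""
PROPOSED = """<busconfig>
<type>system</type>
<policy context="default">
<allow own="nvidia.powerd.client"/>
<allow own="nvidia.powerd.server"/>
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
<allow receive_requested_reply="true" receive_type="method_return"/>
<allow receive_requested_reply="true" receive_type="error"/>
<allow send_destination="nvidia.powerd.server"/>
<allow receive_sender="nvidia.powerd.client"/>
</policy>
</busconfig>"""

REPLY_TYPES = {"method_return", "error"}

def find_broad_reply_rules(xml_text):
    """Return (policy scope, rule attrs) for <allow> rules whose reply attribute
    is not restricted to a reply message type (hypothetical helper)."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        scope = " ".join(f'{k}="{v}"' for k, v in policy.attrib.items())
        for rule in policy.findall("allow"):
            for direction in ("send", "receive"):
                has_reply_attr = f"{direction}_requested_reply" in rule.attrib
                if has_reply_attr and rule.get(f"{direction}_type") not in REPLY_TYPES:
                    findings.append((scope, dict(rule.attrib)))
    return findings

if __name__ == "__main__":
    # Pass policy file paths to audit them; with no arguments the samples are checked.
    inputs = {p: open(p).read() for p in sys.argv[1:]} or {"shipped": SHIPPED, "proposed": PROPOSED}
    for name, text in inputs.items():
        for scope, attrs in find_broad_reply_rules(text):
            print(f"{name}: <policy {scope}> broad rule {attrs}")
```

The check only inspects the reply attributes; it does not evaluate the `send_destination` and `receive_sender` rules in the proposed file.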