On Fri, 08 Mar 2019 09:13:55 +0100 intrigeri <intrig...@debian.org> wrote:
> What's the actual impact of this bug? Any user-visible problem?
> Makes other profiles useless under their threat model?
nvidia_modprobe is used by the LibreOffice profile - it includes `opencl-nvidia` for OpenCL features in
LibreOffice Calc, and in the end, the `nvidia-modprobe` executable is allowed.
Since LibreOffice is in complain mode by default, I doubt this issue reduces security for a default
Debian installation; only users that enforce the LibreOffice profile have reduced confinement
expectations.
No user-visible problems are seen.
nvidia-modprobe is a setuid application, and having `nvidia_modprobe` in enforced mode by default
would reduce attack vectors against LibreOffice, but again, only for users that enforce the LO profile.