ATI Drivers 12.6 Support ASLR!

I’m very pleased to announce that ATI is now supporting ASLR for its 12.6 beta drivers. This is great news as I’ve blogged about this stupid design decision in the past.

Thanks commenter tedbrogan for bringing this to my attention.

With the GPU Drivers now supporting ASLR many systems will be able to enable ASLR system wide. ASLR depends heavily on all areas of an address space being randomized so this is fairly significant.

Get your ATI Drivers here:

http://support.amd.com/us/gpudownload/Pages/index.aspx

Looks Like CERT Reads InsanityBit

Only joking, of course but coincidentally CERT.org has written a post highlighting something I’d mentioned a few days ago. There’s the bit about EMET for Full ASLR, which I wrote about here and AMD/ATI using a hardcoded address space, which I wrote about here.

I’m really happy to see this getting attention from CERT, which is just way more legit than my blog. Hopefully they’ll get ATI to fix their crap.

P.S. CERT, tell them to fix the overflow in 12.3 as well. It’s annoying.

Why I Won’t Be Buying ATI Again

I run a nice midrange laptop with a nice i5 520m, 8GB of RAM, a hybrid drive, and an ATI 5650.

The performance is really exactly as I’d expect, I can play the games I want to play and I can watch HD videos while I browser and talk to friends all at once without a stutter and without my computer burning up.

The GPU has performed admirably and I’m entirely happy with its performance.

But AMD for whatever reason (I guess performance) will not work with PAX or full system ASLR. There are actually buffer overflows in the code that prevent me from turning ASLR on to the full extent that I’d like and because of the hardcoded address space I can’t (at least on Windows) turn ASLR to anything other than “Application Opt-In.”

That’s really not acceptable. GPU security issues aren’t super new and they’re plenty talked about. I get that in the past it wasn’t a priority, of course. But things have changed. We have OpenGL now and we have the GPU integrated into virtually every process. The GPU isn’t just about games (which are also now online) it’s used in everything… like my browser (or this?), like Flash, my UI, and multiple other programs.

AMD/ATI, step it up. I may not be buying another system for years but if I were buying one tomorrow I’d go nVidia.