Email or username:

Password:

Forgot your password?
Nick @ The Linux Experiment's posts Post Back to profile
Top-level
Ken Kinder :clubtwit:

@thelinuxEXP So as a Linux user, your contention is that a ring 0 privileged application, with root access to all kernel functions, should never be able to crash the system?

23 July at 8:08 | Wall-to-wall | Open on twit.social
9 comments
Nick @ The Linux Experiment

@bouncing No, it’s that the OS should be able to recover gracefully, not go into a BSOD boot loop

23 July at 8:47 | Open on mastodon.social
Brian Reiter

@thelinuxEXP @bouncing if it hypothetically rebooted and refused to load the crashing kernel module then doesn’t it mean that crashing a module is equivalent to denying access to the service or hardware that depends on the module? In this case it would mean you can bypass whatever “security” is provided by CrowdStrike by crashing the module.

23 July at 9:09 | Open on hachyderm.io
Ken Kinder :clubtwit:

@breiter @thelinuxEXP Linux systems have bootloops too.

I imagine I can give you a one-line shell command that will make your computer unbootable. Does that mean it’s just pure incompetence from the kernel developers? Of course not.

23 July at 9:14 | Open on twit.social
Nick @ The Linux Experiment

@bouncing @breiter There’s a difference between “send me a script that wipes /“ and “a kernel module is faulty therefore you can’t boot anymore”.

23 July at 9:17 | Open on mastodon.social
Ken Kinder :clubtwit:

@thelinuxEXP @breiter Is there? Surely a kernel module which, by law, “has the same access” as Microsoft’s first party ones, could make a system unbootable.

I’m not saying there’s not a bug that can be fixed but basically by definition, that whole rule is a security and reliability hole.

23 July at 9:23 | Open on twit.social
Nick @ The Linux Experiment

@breiter @bouncing Well, yeah, but I’d argue most people would prefer having a working system that reboots once, than having protection for a potential threat that might or might not be there in the time it takes for the faulty model to be updated.

23 July at 9:16 | Open on mastodon.social
Brian Reiter

@thelinuxEXP @bouncing I’m not sure that is actually true at all in the market where CrowdStrike is used. The module exists for mandatory SOC-2 or other compliance (which is not to be confused with security) requirements. Deploying CrowdStrike is a checkbox for the compliance people making this decision. If you could bypass it then it’s not really doing the required thing.

23 July at 9:21 | Open on hachyderm.io
Murat

@bouncing The OS should run such apps under certain protections. M$ should display some seriousness for f..k sake, not every app is minesweeper nondeterministic.computer/@mjg

23 July at 9:00 | Open on fosstodon.org
Ken Kinder :clubtwit:

@muratk5n pcmag.com/news/why-did-crowdst

> As Microsoft's Chief Communications Officer, Frank X. Shaw, noted on X, a 2009 agreement between the European Commission and Microsoft required Redmond to give security software the same level of access to Windows as Microsoft itself.

By definition, the kernel does not run in a sandbox.

If you’re giving third party apps the same access as Windows, they can crash Windows.

23 July at 9:07 | Open on twit.social
Go Up