Email or username:

Password:

Forgot your password?
Top-level
Nick @ The Linux Experiment

@bouncing No, it’s that the OS should be able to recover gracefully, not go into a BSOD boot loop

6 comments
Brian Reiter

@thelinuxEXP @bouncing if it hypothetically rebooted and refused to load the crashing kernel module then doesn’t it mean that crashing a module is equivalent to denying access to the service or hardware that depends on the module? In this case it would mean you can bypass whatever “security” is provided by CrowdStrike by crashing the module.

Ken Kinder :clubtwit:

@breiter @thelinuxEXP Linux systems have bootloops too.

I imagine I can give you a one-line shell command that will make your computer unbootable. Does that mean it’s just pure incompetence from the kernel developers? Of course not.

Nick @ The Linux Experiment

@bouncing @breiter There’s a difference between “send me a script that wipes /“ and “a kernel module is faulty therefore you can’t boot anymore”.

Ken Kinder :clubtwit:

@thelinuxEXP @breiter Is there? Surely a kernel module which, by law, “has the same access” as Microsoft’s first party ones, could make a system unbootable.

I’m not saying there’s not a bug that can be fixed but basically by definition, that whole rule is a security and reliability hole.

Nick @ The Linux Experiment

@breiter @bouncing Well, yeah, but I’d argue most people would prefer having a working system that reboots once, than having protection for a potential threat that might or might not be there in the time it takes for the faulty model to be updated.

Brian Reiter

@thelinuxEXP @bouncing I’m not sure that is actually true at all in the market where CrowdStrike is used. The module exists for mandatory SOC-2 or other compliance (which is not to be confused with security) requirements. Deploying CrowdStrike is a checkbox for the compliance people making this decision. If you could bypass it then it’s not really doing the required thing.

Go Up