Brian Reiter

@thelinuxEXP @bouncing if it hypothetically rebooted and refused to load the crashing kernel module then doesn’t it mean that crashing a module is equivalent to denying access to the service or hardware that depends on the module? In this case it would mean you can bypass whatever “security” is provided by CrowdStrike by crashing the module.

5 comments
Ken Kinder :clubtwit:

@breiter @thelinuxEXP Linux systems have bootloops too.

I imagine I can give you a one-line shell command that will make your computer unbootable. Does that mean it’s just pure incompetence from the kernel developers? Of course not.

Nick @ The Linux Experiment

@bouncing @breiter There’s a difference between “send me a script that wipes /” and “a kernel module is faulty therefore you can’t boot anymore”.

Ken Kinder :clubtwit:

@thelinuxEXP @breiter Is there? Surely a kernel module which, by law, “has the same access” as Microsoft’s first party ones, could make a system unbootable.

I’m not saying there’s not a bug that can be fixed but basically by definition, that whole rule is a security and reliability hole.

Nick @ The Linux Experiment

@breiter @bouncing Well, yeah, but I’d argue most people would prefer having a working system that reboots once, than having protection for a potential threat that might or might not be there in the time it takes for the faulty model to be updated.

Brian Reiter

@thelinuxEXP @bouncing I’m not sure that is actually true at all in the market where CrowdStrike is used. The module exists for mandatory SOC-2 or other compliance (which is not to be confused with security) requirements. Deploying CrowdStrike is a checkbox for the compliance people making this decision. If you could bypass it then it’s not really doing the required thing.
