this post was submitted on 19 Jul 2024
1264 points (99.5% liked)

Programmer Humor

19623 readers
89 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -1 points 4 months ago* (last edited 4 months ago) (2 children)

TL;DR: Because the underlying OS is garbage.

Whatever CrowdStrike's "features" are should already be core security features of the kernel itself, or be exposed/extracted into user space.

NT was supposed to be a micro kernel. That this tool injects itself into the kernel immediately compromises the kernel. Edit: I should point out that it seems that CS injects drivers into the Linux kernel too, it might just be that Linux handles a driver crash more elegantly.

No different to the gaming anti-cheat kernel crap.

Having a "security" tool immediately compromise your actual security is absurd.

[–] [email protected] 5 points 4 months ago

I'd love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. https://netfilter.org/

This isn't one of the cases where we're talking about Linux being superior to windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it's just that only one got one.

Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.

[–] [email protected] 3 points 4 months ago

I, too, work in a similar type of company, and can confirm from experience that Linux can get just as absolutely fucked up by a bad kernel module as windows.

And it's not just changes to the module that can cause things to go wrong.

For example, the kernel released alongside the latest Ubuntu LTS included a change that conflicted with our module behaviour, so machines with that kernel or newer would panic on boot.

It was a super minor change, but when you're deep in the weeds, it's really easy for these things to be brittle. But that's just an inherent consequence of the fact that this sort of stuff is intrinsically low-level interaction with the OS itself.