-1 points

TL;DR: Because the underlying OS is garbage.

Whatever CrowdStrike’s “features” are should already be core security features of the kernel itself, or be exposed/extracted into user space.

NT was supposed to be a microkernel. That this tool injects itself into the kernel immediately compromises the kernel. Edit: I should point out that it seems that CS injects drivers into the Linux kernel too, it might just be that Linux handles a driver crash more elegantly.

No different to the gaming anti-cheat kernel crap.

Having a “security” tool immediately compromise your actual security is absurd.

5 points

I’d love to know how you plan to do user mode packet filtering. Keep in mind that on Linux, the designated API is inherently kernel mode. https://netfilter.org/

This isn’t one of the cases where we’re talking about Linux being superior to Windows. Any OS will be fucked if you give it a mangled kernel module. In this case, it’s just that only one got one.

Your perception that anything that touches the kernel is an intrinsic security risk is unfounded.

3 points

I, too, work in a similar type of company, and can confirm from experience that Linux can get just as absolutely fucked up by a bad kernel module as Windows.

And it’s not just changes to the module that can cause things to go wrong.

For example, the kernel released alongside the latest Ubuntu LTS included a change that conflicted with our module behaviour, so machines with that kernel or newer would panic on boot.

It was a super minor change, but when you’re deep in the weeds, it’s really easy for these things to be brittle. But that’s just an inherent consequence of the fact that this sort of stuff is intrinsically low-level interaction with the OS itself.
