• @[email protected]
    link
    fedilink
    21
    edit-2
    4 months ago

    Because it isn’t. Their Linux sensor also uses a kernel driver, which means they could have just as easily caused a looping kernel panic on every Linux device it’s installed on.

    • YTG123
      link
      fedilink
      24 months ago

      There’s no way of knowing that, though. Perhaps their Linux and Darwin drivers wouldn’t have paniced the system?

      Regardless, doing almost anything at the kernel level is never a good idea

      • @[email protected]
        link
        fedilink
        64 months ago

        Also, it’s less about “their” drivers and more about what a kernel module can do.
        Saying “there’s no way to know” doesn’t fit, because we do know that a malformed kernel module can destabilize a linux or mac system.

        “Malformed file” isn’t a programming defect or something you can fix by having a better API.

        • @[email protected]
          link
          fedilink
          14 months ago

          Having the data exposed to userspace via an API would avoid having to have a kernel module at all… Which when malformed wouldn’t compromise the kernel.

          • @[email protected]
            link
            fedilink
            44 months ago

            I mean, sure. But typically operating systems don’t expose that type of information to user space, instead providing a kernel interface with user mode configuration.

            It’s why they use the same basic approach on mac and Linux.

      • @[email protected]
        link
        fedilink
        54 months ago

        Security operations being one of the things that is often best done at the kernel level because of the need to monitor network and file operations in a way you can’t in user mode.