Comments
-
Lensflare17451111dI heard that it was caused by a null pointer, so yes, Rust would have in fact prevented it.
-
electrineer29785111d@Lensflare I heard it involved a function that took more arguments than they called it with. They didn't sanitize the input at all before trying to use it in a regex.
-
netikras34817111d@lorentz I've heard from one source that the crowdstrike engine is running in kernelspace. It's well tested and all the NPEs (allegedly) are caught. What happened with this fuckup, is a crowdstrike update was fed through some IPC mechanism (pipes?) to the engine, and one of the update files was nullified. The engine tried to load instructions from that file and got a segfault. And segfaults in kernelspace are not something taken lightly.
I haven't double-checked this info, so take it with a grain of salt.
If it's true, IDK how Rust would prevent it from recurring. Then again, I'm not a rust dev :) -
Demolishun34976111dIt was this code:
bool globalTakeDown;
...
if(globalTakeDown){
kernelFault();
}
You see globalTakeDown is supposed to stay false. But it was uninitialized. So it became RNG. -
electrineer29785111d@netikras
The Rapid Response Content for Channel File 291 instructed the Content
Interpreter to read the 21st entry of the input pointer array. However, the IPC Template Type
only generates 20 inputs. As a result, once Rapid Response Content was delivered that
used a non-wildcard matching criterion for the 21st input, the Content Interpreter performed
an out-of-bounds read of the input array.
Here's the whole RCA document provided by Crowdstrike https://web.archive.org/web/... -
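The mismatch described in the RCA excerpt quoted above (21 fields referenced, 20 inputs supplied, wildcard criteria never read), as an added example that is not from the RCA or from CrowdStrike's code. The struct layout, function names and sample values are hypothetical and constructed for illustration:

```c
#include <stddef.h>
#include <string.h>

#define TEMPLATE_INPUTS 20   /* the template type supplies 20 inputs */
#define RULE_FIELDS     21   /* the content carries criteria for 21 fields */

/* Hypothetical rule layout: one criterion per field, NULL means wildcard. */
struct rule { const char *criteria[RULE_FIELDS]; };

/* Load-time check: every non-wildcard criterion must refer to an input
 * the caller will actually supply. Returns 1 if valid, 0 if not. */
int rule_is_valid(const struct rule *r, size_t input_count)
{
    for (size_t i = 0; i < RULE_FIELDS; i++)
        if (r->criteria[i] != NULL && i >= input_count)
            return 0;
    return 1;
}

/* Returns 1 on match, 0 on no match, -1 if the rule is rejected.
 * Without the rule_is_valid() call, a non-wildcard criterion at index 20
 * would make the loop read inputs[20], one past the end of the array. */
int match_rule(const struct rule *r, const char *const *inputs, size_t input_count)
{
    if (!rule_is_valid(r, input_count))
        return -1;
    for (size_t i = 0; i < RULE_FIELDS; i++) {
        if (r->criteria[i] == NULL)
            continue;                 /* wildcard: the input is never read */
        if (strcmp(r->criteria[i], inputs[i]) != 0)
            return 0;
    }
    return 1;
}

/* Constructed sample: same rule, first with a wildcard on the 21st field,
 * then with a literal criterion there. Returns 1 if both behave as expected. */
int demo_reject_21st_field(void)
{
    const char *inputs[TEMPLATE_INPUTS];
    for (size_t i = 0; i < TEMPLATE_INPUTS; i++)
        inputs[i] = "x";
    struct rule r = {0};
    r.criteria[0] = "x";
    int wildcard_ok = match_rule(&r, inputs, TEMPLATE_INPUTS);  /* 1 */
    r.criteria[20] = "x";                                       /* 21st field */
    int rejected = match_rule(&r, inputs, TEMPLATE_INPUTS);     /* -1 */
    return wildcard_ok == 1 && rejected == -1;
}

int main(void) { return demo_reject_21st_field() ? 0 : 1; }
```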
typosaurus12155108d@Demolishun didn't compile with -Wall -Wextra. I recently lint my c apps with clang-tidy. Clang tidy even has opinions about stdlib. But it finds like this:
while (true) {
    loop = 1;
    loop *= 2;
    loop = 0;
}
Two warnings that gcc doesn't give: Loop var is never read. Last line doesn't make sense because initial value gets set at beginning. Quite advanced tool.
Happy it doesn't do childish things like sort imports or add space here or newline there. C linter only cares about real stuff.
Switch to rust, that'll fix it. 🥴
random
management problem