The CrowdStrike incident happened one Friday too soon :) It got me thinking. We give third-party software a lot of permission in kernel mode, when in fact its authors are most likely not involved in kernel development. And we ship updates to this software that get interpreted in kernel space and trigger actions there, so every byte of such an update is untrusted input being acted on at ring 0.
The only real difference from malware here is intent. That reminded me of an old story in which the author of a piece of adware described how they used tinyscheme for their purpose.
Or the case where a friend figured out that a driver was crashing because it used an XML parser (one not designed for kernel space) to parse five lines of XML.
Or when Prolog was used in the Windows NT kernel.
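To make the point about interpreting updates in kernel mode concrete, here is an added example, written for this page and not code from the author or from any vendor's actual product. It defines a small hypothetical update format in which the record count, the per-record field count and each record's field selector all arrive inside the update itself. A validator refuses to interpret the blob until every count and index has been checked against the real buffer length and a policy limit, and a second function shows the offset a trusting interpreter would dereference for the same malformed input. The format, the limits (`UPD_MAX_FIELDS`, `UPD_MAX_RECORDS`) and the three sample blobs are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical data-driven update format, constructed for this example.
 * It is NOT the layout of any real vendor's content files.
 *
 *   header : magic "UPD1" | u16 record_count | u16 field_count  (8 bytes, little-endian)
 *   record : u16 selector | field_count x u32 fields            (repeated record_count times)
 *
 * The "interpreter" evaluates each record by reading fields[selector].
 * Every one of those numbers comes from the update, i.e. from untrusted
 * input that a kernel component is about to act on. */

#define UPD_HDR_LEN     8
#define UPD_MAX_FIELDS  32   /* policy limits chosen for this example */
#define UPD_MAX_RECORDS 256

enum upd_status {
    UPD_OK = 0,
    UPD_ERR_SHORT,      /* blob is smaller than the counts claim */
    UPD_ERR_MAGIC,
    UPD_ERR_FIELDS,     /* field_count zero or above policy limit */
    UPD_ERR_RECORDS,    /* record_count zero or above policy limit */
    UPD_ERR_INDEX,      /* a selector points past the record's fields */
    UPD_ERR_TRAILING    /* unexplained bytes after the last record */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the whole blob before interpreting any of it. */
int upd_validate(const uint8_t *b, size_t len)
{
    if (len < UPD_HDR_LEN) return UPD_ERR_SHORT;
    if (memcmp(b, "UPD1", 4) != 0) return UPD_ERR_MAGIC;

    uint16_t nrec = rd16(b + 4);
    uint16_t nfld = rd16(b + 6);
    if (nfld == 0 || nfld > UPD_MAX_FIELDS) return UPD_ERR_FIELDS;
    if (nrec == 0 || nrec > UPD_MAX_RECORDS) return UPD_ERR_RECORDS;

    /* Both factors are bounded above by the checks, so this cannot wrap. */
    size_t rec_len = 2 + (size_t)nfld * 4;
    size_t need = UPD_HDR_LEN + (size_t)nrec * rec_len;
    if (need > len) return UPD_ERR_SHORT;
    if (need < len) return UPD_ERR_TRAILING;

    for (size_t i = 0; i < nrec; i++) {
        const uint8_t *rec = b + UPD_HDR_LEN + i * rec_len;
        if (rd16(rec) >= nfld) return UPD_ERR_INDEX;
    }
    return UPD_OK;
}

/* Interpret: sum each record's selected field. Touches the payload only
 * after upd_validate() has accepted the whole blob. */
int upd_sum_selected(const uint8_t *b, size_t len, uint32_t *out)
{
    int rc = upd_validate(b, len);
    if (rc != UPD_OK) return rc;

    uint16_t nrec = rd16(b + 4), nfld = rd16(b + 6);
    size_t rec_len = 2 + (size_t)nfld * 4;
    uint32_t sum = 0;
    for (size_t i = 0; i < nrec; i++) {
        const uint8_t *rec = b + UPD_HDR_LEN + i * rec_len;
        sum += rd32(rec + 2 + (size_t)rd16(rec) * 4);
    }
    *out = sum;
    return UPD_OK;
}

/* The failure mode: a trusting interpreter computes this offset for record 0's
 * selected field and dereferences it. Returned rather than read so it is safe to call. */
size_t upd_naive_offset(const uint8_t *b)
{
    return UPD_HDR_LEN + 2 + (size_t)rd16(b + UPD_HDR_LEN) * 4;
}

/* Constructed samples. Well-formed: one record, four fields, selector 2 (field value 30). */
static const uint8_t good_blob[] = {
    'U','P','D','1', 0x01,0x00, 0x04,0x00,
    0x02,0x00, 10,0,0,0, 20,0,0,0, 30,0,0,0, 40,0,0,0
};
/* Same layout but selector 7: the read lands 12 bytes past the end of the blob. */
static const uint8_t bad_index_blob[] = {
    'U','P','D','1', 0x01,0x00, 0x04,0x00,
    0x07,0x00, 10,0,0,0, 20,0,0,0, 30,0,0,0, 40,0,0,0
};
/* Header claims two records but only one is present. */
static const uint8_t short_blob[] = {
    'U','P','D','1', 0x02,0x00, 0x04,0x00,
    0x02,0x00, 10,0,0,0, 20,0,0,0, 30,0,0,0, 40,0,0,0
};

int main(void)
{
    uint32_t v = 0;
    int rc = upd_sum_selected(good_blob, sizeof good_blob, &v);
    printf("good: rc=%d sum=%u\n", rc, v);
    rc = upd_validate(bad_index_blob, sizeof bad_index_blob);
    printf("bad index: rc=%d (a naive read would be at offset %zu of a %zu-byte blob)\n",
           rc, upd_naive_offset(bad_index_blob), sizeof bad_index_blob);
    printf("short: rc=%d\n", upd_validate(short_blob, sizeof short_blob));
    return 0;
}
```

The interesting line is the one a user-mode library would get away with: `fields[selector]` with `selector` taken straight from the file. In user mode that is a crash in one process; in a kernel driver it is a bugcheck on every machine that received the update, which is why the validator runs over the whole blob and rejects it before a single field is interpreted.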
Random thoughts of the day.
Have a lovely weekend.