• 0 Posts
  • 13 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle










  • Yes and no. It’s an escalations issue. Even with administrator access, you are not supposed[note1] to be allowed to install drivers with invalid signature, which supposedly haven an even high chain of trust (although this really iffy unless you are using secureboot as well but that’s another discussion).

    That said, when the attacker already has admin privileges you are so far in the compromised chain that the kernel driver is an issue, but you are most likely completely fucked anyways.

    This just makes your vulnerability state to be the same as in linux, where your drivers arent required to be signed in the first place, for example.

    [note 1]: There’s a caveat, with admin acess you can disable driver signatures entirely, using bcdedit, this is called test signing and leaves a visible watermark at all times with “Test signing enabled”, therefore the user can already see that the computer is compromised. Its mostly useful for devs (or attacking people who dont give a fuck).



  • Linux Kernel is kind of a bad example since its one of the examples of project scaling with many people from many companies. Even if you want to go with its inception, it came from Unix which already had many people. Of course, its also one of the best examples of actual leadership, proper technical people management, which is something very hard to come by. Its also a great example of how to divide your design and make it scalable, so people are working on different parts totally independent on each other.

    That’s all actual, proper, work, not whatever crappy slide presentation passes as leadership on many places.