• 0 Posts
  • 16 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle



  • I have yet to find a memory hungry program thats its caused by its dependencies instead of its data. And frankly the disk space of all libraries is minuscule compared to graphical assets.

    You know what’s going to really bother the issue? If the program doesn’t work because of a dependency. And this happens often across all OSes, searching for these are dime a dozen in forums. “Package managers should just fix all the issues”. Until they don’t, wrong versions get uploaded, issues compiling them, environment problems, etc etc.

    So to me, the idea of efficiency for dynamic linking doesn’t really cut it. A bloated program is more efficient that a program that doesn’t work.

    This is not to say that dynamic linking shouldn’t be used. For programs doing any kind of elevation or administration, it’s almost always better from a security perspective. But for general user programs? Static all the way.











  • Yes and no. It’s an escalations issue. Even with administrator access, you are not supposed[note1] to be allowed to install drivers with invalid signature, which supposedly haven an even high chain of trust (although this really iffy unless you are using secureboot as well but that’s another discussion).

    That said, when the attacker already has admin privileges you are so far in the compromised chain that the kernel driver is an issue, but you are most likely completely fucked anyways.

    This just makes your vulnerability state to be the same as in linux, where your drivers arent required to be signed in the first place, for example.

    [note 1]: There’s a caveat, with admin acess you can disable driver signatures entirely, using bcdedit, this is called test signing and leaves a visible watermark at all times with “Test signing enabled”, therefore the user can already see that the computer is compromised. Its mostly useful for devs (or attacking people who dont give a fuck).



  • Linux Kernel is kind of a bad example since its one of the examples of project scaling with many people from many companies. Even if you want to go with its inception, it came from Unix which already had many people. Of course, its also one of the best examples of actual leadership, proper technical people management, which is something very hard to come by. Its also a great example of how to divide your design and make it scalable, so people are working on different parts totally independent on each other.

    That’s all actual, proper, work, not whatever crappy slide presentation passes as leadership on many places.