[Not really OT] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language.

H. S. Teoh hsteoh at qfbox.info
Thu Jul 25 19:00:19 UTC 2024


On Fri, Jul 26, 2024 at 06:42:55AM +1200, Richard (Rikki) Andrew Cattermole via Digitalmars-d wrote:
> On 25/07/2024 6:48 PM, Walter Bright wrote:
> > I used to spend /weeks/ trying to find memory corruption bugs. Today
> > it's a few seconds. Seg faults are a great gift!
> 
> Right up until they bring down 8.5 million computers worldwide, and
> impact almost everyone on the planet.
> 
> We got lucky this time, that there is an "easy" fix to get these
> machines working again.
> 
> It does not matter that there probably won't be a CVE from this
> outage.
> 
> Fact is, some data was sourced, that was not validated before access
> that could have been caught before a worldwide outage that took out
> _hospitals_.

Fact is, reading in a file and casting the contents into a pointer
without prior verification is a very unwise thing to do.  No amount of
language features will save you from the consequences.  Somebody has to
write the code to verify the data before acting on it.  If nobody wrote
the verification code, whether program segfaults, continues silently and
corrupts data, formats the hard drive, or launches nuclear missiles, is
really just secondary.

Also, the fact that one tiny flaw like this can bring down half the
computers across the whole world is another major lesson that people
don't seem to be learning from.  Basically, the OS is a single point of
failure; when it fails, you're up the creek without a paddle.  Maybe
it's time somebody pulled a Walter to design fault-resistant redundant
OS instances, airplane-style.  :-P

At the very least, OS upgrades should be handled much more
conservatively than they are right now.  For example, the patched OS
should be something separate from the running OS; it should be brought
up separately before the old OS retires itself and hands over control.
Easier said than done, of course, but given what has happened, people
really need to be thinking about this seriously.

Another factor is, push updates are evil. What really ought to have
happened is that an update notification should have been sent, and the
admins should have approved it before it was actually installed. (After
testing the patch in a controlled environment, before pushing it out to
live systems.) But I'm probably barking up the wrong tree here... people
these days are all gung-ho about fully unattended upgrades and fully
automated everything, who needs anybody to check the sanity of an
upgrade.  Well, we're staring at the consequences of this attitude right
now.


T

-- 
Live and learn, and you'll still die a fool.
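As an added illustration of the point about casting unverified file contents into a pointer (example code written for this page, not code from the mailing-list post or from CrowdStrike): a hypothetical record-file format is parsed once the way the post warns against and once with every length and offset checked against what was actually read. The format, the field names, the `FILE_MAGIC` value and the sample bytes are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical on-disk format, constructed for this example: a fixed header
 * followed by `count` records; each record holds the byte offset (from the
 * start of the file) of a NUL-terminated name string. */
#define FILE_MAGIC 0x43464D31u   /* constructed magic value */

typedef struct { uint32_t magic; uint32_t count; } file_header;
typedef struct { uint32_t name_offset; } file_record;

/* Unsafe: every value that drives a memory access comes from the file itself
 * and is trusted as-is. A short file, an overstated count or an offset past
 * the end of the buffer is simply followed. */
const char *first_name_unchecked(const uint8_t *buf)
{
    file_header hdr; file_record rec;
    memcpy(&hdr, buf, sizeof hdr);                /* buf may be shorter than this */
    if (hdr.count == 0) return NULL;
    memcpy(&rec, buf + sizeof hdr, sizeof rec);
    return (const char *)(buf + rec.name_offset); /* offset never bounded */
}

typedef enum {
    PARSE_OK = 0, PARSE_SHORT, PARSE_BAD_MAGIC, PARSE_BAD_COUNT,
    PARSE_BAD_OFFSET, PARSE_UNTERMINATED
} parse_status;

/* Hardened: the caller passes how many bytes were really read, and each
 * field is validated against that length before it is used. */
parse_status first_name_checked(const uint8_t *buf, size_t len, const char **out)
{
    file_header hdr; file_record rec;
    *out = NULL;
    if (len < sizeof hdr) return PARSE_SHORT;
    memcpy(&hdr, buf, sizeof hdr);                /* memcpy: no alignment assumption */
    if (hdr.magic != FILE_MAGIC) return PARSE_BAD_MAGIC;
    /* dividing instead of multiplying avoids a count*sizeof overflow */
    if (hdr.count > (len - sizeof hdr) / sizeof(file_record)) return PARSE_BAD_COUNT;
    if (hdr.count == 0) return PARSE_OK;          /* nothing to read, *out stays NULL */
    memcpy(&rec, buf + sizeof hdr, sizeof rec);
    if (rec.name_offset >= len) return PARSE_BAD_OFFSET;
    /* the string must terminate inside the bytes we actually have */
    if (memchr(buf + rec.name_offset, '\0', len - rec.name_offset) == NULL)
        return PARSE_UNTERMINATED;
    *out = (const char *)(buf + rec.name_offset);
    return PARSE_OK;
}

static void put_u32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof v); }

/* Constructed sample files (not real data). Variant 0 is well-formed; the
 * others each break one invariant. Returns the length to treat as "read". */
size_t build_sample(int variant, uint8_t out[64])
{
    memset(out, 0, 64);
    put_u32(out + 0, variant == 5 ? 0u   : FILE_MAGIC);  /* 5: wrong magic */
    put_u32(out + 4, variant == 3 ? 100u : 1u);          /* 3: count overstated */
    put_u32(out + 8, variant == 1 ? 1000u : 12u);        /* 1: offset outside file */
    memcpy(out + 12, "alpha", 5);                        /* NUL at out[17] via memset */
    if (variant == 2) return 6;                          /* 2: cut off inside header */
    if (variant == 4) return 17;                         /* 4: string runs off the end */
    return 18;
}

/* Status the hardened parser reports for a sample variant. */
int sample_status(int variant)
{
    uint8_t buf[64]; const char *name;
    size_t len = build_sample(variant, buf);
    return (int)first_name_checked(buf, len, &name);
}

/* 1 if the hardened parser accepts the sample and yields `expected`. */
int sample_name_is(int variant, const char *expected)
{
    uint8_t buf[64]; const char *name;
    size_t len = build_sample(variant, buf);
    if (first_name_checked(buf, len, &name) != PARSE_OK || name == NULL) return 0;
    return strcmp(name, expected) == 0;
}

/* Same check through the unchecked parser; only safe to call on variant 0. */
int unchecked_name_is(int variant, const char *expected)
{
    uint8_t buf[64];
    build_sample(variant, buf);
    return strcmp(first_name_unchecked(buf), expected) == 0;
}

int main(void)
{
    for (int v = 0; v <= 5; v++)
        printf("variant %d -> status %d\n", v, sample_status(v));
    return 0;
}
```

The hardened parser never reaches the dereference on variants 1 through 5: the truncated header, the bad magic, the overstated count, the out-of-range offset and the unterminated string are each reported as a distinct status, which is what a caller needs to log and reject the input instead of crashing on it. The unchecked parser is shown only for contrast and is exercised on the well-formed sample alone.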
