[nycbug-talk] kernels

Roland C. Dowdeswell elric
Thu Jun 3 18:01:55 EDT 2004


On 1086299387 seconds since the Beginning of the UNIX epoch
Bob Ippolito wrote:
>

>On Jun 3, 2004, at 5:34 PM, Roland C. Dowdeswell wrote:
>
>> On 1086295432 seconds since the Beginning of the UNIX epoch
>> Bob Ippolito wrote:
>>>
>>
>>> The security argument is kind of silly, because if that really was a
>>> concern you could add a sysctl that lets you turn module loading off
>>> (forever) at runtime.  So you boot up, load your modules, and turn
>>> module loading off.  In practice, nobody really does this (as far as I
>>> know) because only root can load kernel modules and root can do
>>> whatever he wants anyway, whether or not the kernel is split into 1 or
>>> 1000 pieces.
>>
>> There are things that you do not want to allow even root to do
>> without dropping into single user mode on the console.  And you
>> have to disable LKM loading in order to get there.  E.g. on NetBSD
>> in secure level > 0, root cannot grovel the PCI bus and directly
>> access hardware, write to immutable files, etc.
>
>Sure, but that is completely orthogonal to *having* LKM.  It's very 
>easy to have a kill-switch sysctl that turns it off until the next 
>reboot.

Yes, of course.  I was just pointing out that one of your assertions,
``root can do whatever he wants anyway'' is not entirely accurate.
I was not arguing that a switch to turn off LKM loading would not
solve the issue; in fact, that's how NetBSD deals with it.  LKMs
are not allowed to be loaded or unloaded in securelevel > 0.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/



