Thu Jun 3 17:49:47 EDT 2004
On Jun 3, 2004, at 5:34 PM, Roland C. Dowdeswell wrote:
> On 1086295432 seconds since the Beginning of the UNIX epoch
> Bob Ippolito wrote:
>> The security argument is kind of silly, because if that really was a
>> concern you could add a sysctl that lets you turn module loading off
>> (forever) at runtime. So you boot up, load your modules, and turn
>> module loading off. In practice, nobody really does this (as far as I
>> know) because only root can load kernel modules and root can do
>> whatever he wants anyway, whether or not the kernel is split into 1 or
>> 1000 pieces.
> There are things that you do not want to allow even root to do
> without dropping into single user mode on the console. And you
> have to disable LKM loading in order to get there. E.g. on NetBSD
> in secure level > 0, root cannot grovel the PCI bus and directly
> access hardware, write to immutable files, etc.
Sure, but that is completely orthogonal to *having* LKM. It's very
easy to have a kill-switch sysctl that turns it off until the next