Roland C. Dowdeswell
Thu Jun 3 18:01:55 EDT 2004
On 1086299387 seconds since the Beginning of the UNIX epoch
Bob Ippolito wrote:
>On Jun 3, 2004, at 5:34 PM, Roland C. Dowdeswell wrote:
>> On 1086295432 seconds since the Beginning of the UNIX epoch
>> Bob Ippolito wrote:
>>> The security argument is kind of silly, because if that really was a
>>> concern you could add a sysctl that lets you turn module loading off
>>> (forever) at runtime. So you boot up, load your modules, and turn
>>> module loading off. In practice, nobody really does this (as far as I
>>> know) because only root can load kernel modules and root can do
>>> whatever he wants anyway, whether or not the kernel is split into 1 or
>>> 1000 pieces.
>> There are things that you do not want to allow even root to do
>> without dropping into single user mode on the console. And you
>> have to disable LKM loading in order to get there. E.g. on NetBSD
>> in secure level > 0, root cannot grovel the PCI bus and directly
>> access hardware, write to immutable files, etc.
>Sure, but that is completely orthogonal to *having* LKM. It's very
>easy to have a kill-switch sysctl that turns it off until the next
Yes, of course. I was just pointing out that one of your assertions,
``root can do whatever he wants anyway'' is not entirely accurate.
I was not arguing that a switch to turn off LKM loading would not
solve the issue, in fact that's how NetBSD deals with it. LKMs
are not allowed to be loaded or unloaded in securelevel > 0.
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
More information about the talk