Evan Klitzke wrote:
> On 6/11/06, Anthony E. Caudel <acaudel@×××××.com> wrote:
>> I was wondering what gentoo-users think and practice about kernel
>> modules. Do most compile them in the kernel or load them at boot-up?
>
> I have heard a security argument made that it is safer to compile
> everything into the kernel, and disable support for modules entirely.
> The reason for this is that if someone can load malicious modules on
> your system they can basically circumvent any security systems you are
> using, including things like SELinux and grsec.

If an attacker can load malicious modules into your kernel I'd argue
that your security model has already failed and failed spectacularly.
Sounds like security as thought up by someone who has never had to
manage a system unless someone has a plausible attack scenario.

kashani
--
gentoo-user@g.o mailing list