| 1 |
Evan Klitzke wrote: |
| 2 |
> On 6/11/06, Anthony E. Caudel <acaudel@×××××.com> wrote: |
| 3 |
>> I was wondering what gentoo-users think and practice about kernel |
| 4 |
>> modules. Do most compile them in the kernel or load them at boot-up. |
| 5 |
> |
| 6 |
> I have heard a security argument made that it is safer to compile |
| 7 |
> everything into the kernel, and disable support for modules entirely. |
| 8 |
> The reason for this is that if someone can load malicious modules on |
| 9 |
> your system they can basically circumvent any security systems you are |
| 10 |
> using, including things like SELinux and grsec. |
| 11 |
|
| 12 |
If an attacker can load malicious modules into your kernel I'd argue |
| 13 |
that your security model has already failed and failed spectacularly. |
| 14 |
Sounds like security as thought up by someone who has never had to |
| 15 |
managed a system unless someone has a plausible attack scenario. |
| 16 |
|
| 17 |
kashani |
| 18 |
-- |
| 19 |
gentoo-user@g.o mailing list |
Archives