| 1 |
On Mon, 12 Jun 2006 11:16:56 -0700, Evan Klitzke wrote: |
| 2 |
|
| 3 |
> I have heard a security argument made that it is safer to compile |
| 4 |
> everything into the kernel, and disable support for modules entirely. |
| 5 |
> The reason for this is that if someone can load malicious modules on |
| 6 |
> your system they can basically circumvent any security systems you are |
| 7 |
> using, including things like SELinux and grsec. |
| 8 |
|
| 9 |
This is only relevant is all your hardware can be supported by in-kernel |
| 10 |
modules. Add one item that needs a 3rd party module and you are forced to |
| 11 |
enable module loading. |
| 12 |
|
| 13 |
|
| 14 |
-- |
| 15 |
Neil Bothwick |
| 16 |
|
| 17 |
"Bother," said Pooh, as the vice squad took his GIFS |
Archives