1 |
On Mon, 12 Jun 2006 11:16:56 -0700, Evan Klitzke wrote: |
2 |
|
3 |
> I have heard a security argument made that it is safer to compile |
4 |
> everything into the kernel, and disable support for modules entirely. |
5 |
> The reason for this is that if someone can load malicious modules on |
6 |
> your system they can basically circumvent any security systems you are |
7 |
> using, including things like SELinux and grsec. |
8 |
|
9 |
This is only relevant is all your hardware can be supported by in-kernel |
10 |
modules. Add one item that needs a 3rd party module and you are forced to |
11 |
enable module loading. |
12 |
|
13 |
|
14 |
-- |
15 |
Neil Bothwick |
16 |
|
17 |
"Bother," said Pooh, as the vice squad took his GIFS |