| 1 |
On 2019-03-22, Peter Humphrey <peter@××××××××××××.uk> wrote: |
| 2 |
|
| 3 |
> Years ago, in the days of Yggdrasil I think, |
| 4 |
|
| 5 |
Wow, that triggers a flashback! My first Linux install was Yggdrasil, |
| 6 |
and it took _hours_ to boot. The smartasses at Yggdrasil insisted on |
| 7 |
trying to play an audio clip that said something like "Welcome to |
| 8 |
Yggdrasil" on startup. My machine didn't have an audio card, so the |
| 9 |
fallback was to try to play it by bit-banging the normal PC speaker |
| 10 |
that was connected to a PIO pin. It would sit there clicking the damn |
| 11 |
speaker trying to play the audio clip for most of the afternoon before |
| 12 |
it would continue the startup. I installed a different distro as soon |
| 13 |
as I could get hold of one... |
| 14 |
|
| 15 |
> the received wisdom was that enabling kernel module loading was a |
| 16 |
> bad idea because an attacker might be able to load malicious |
| 17 |
> software directly into the kernel. No modules --> one more attack |
| 18 |
> route closed. |
| 19 |
|
| 20 |
If an atacker can write to your /lib/modules directory, he's got root |
| 21 |
and all is lost: he can just as easily write to your /boot directory |
| 22 |
or anything else, so I don't see why there's any additional risk. |
| 23 |
|
| 24 |
Unless you're talking about loading kernel modules from a flash drive |
| 25 |
you found on the sidewalk... that's definitly a Bad Idea(tm). |
| 26 |
|
| 27 |
> What is the current thinking on this topic? I'm not trolling; I'd |
| 28 |
> like to know which way to go with a new box. |
| 29 |
|
| 30 |
On Gentoo machines, I usually configure the driver with built-in drivers |
| 31 |
for what I need and run mostly module-free except for... |
| 32 |
|
| 33 |
$ lsmod |
| 34 |
Module Size Used by |
| 35 |
nvidia_drm 40960 1 |
| 36 |
nvidia_modeset 1007616 2 nvidia_drm |
| 37 |
nvidia 13877248 117 nvidia_modeset |
| 38 |
|
| 39 |
-- |
| 40 |
Grant Edwards grant.b.edwards Yow! Did I do an INCORRECT |
| 41 |
at THING?? |
| 42 |
gmail.com |
Archives