On 2019-03-22, Peter Humphrey <peter@××××××××××××.uk> wrote:

> Years ago, in the days of Yggdrasil I think,

Wow, that triggers a flashback! My first Linux install was Yggdrasil,
and it took _hours_ to boot. The smartasses at Yggdrasil insisted on
trying to play an audio clip that said something like "Welcome to
Yggdrasil" on startup. My machine didn't have an audio card, so the
fallback was to try to play it by bit-banging the normal PC speaker
that was connected to a PIO pin. It would sit there clicking the damn
speaker trying to play the audio clip for most of the afternoon before
it would continue the startup. I installed a different distro as soon
as I could get hold of one...

> the received wisdom was that enabling kernel module loading was a
> bad idea because an attacker might be able to load malicious
> software directly into the kernel. No modules --> one more attack
> route closed.

If an attacker can write to your /lib/modules directory, he's got root
and all is lost: he can just as easily write to your /boot directory
or anything else, so I don't see why there's any additional risk.

Unless you're talking about loading kernel modules from a flash drive
you found on the sidewalk... that's definitely a Bad Idea(tm).

> What is the current thinking on this topic? I'm not trolling; I'd
> like to know which way to go with a new box.

On Gentoo machines, I usually configure the driver with built-in drivers
for what I need and run mostly module-free except for...

$ lsmod
Module                  Size  Used by
nvidia_drm             40960  1
nvidia_modeset       1007616  2 nvidia_drm
nvidia              13877248  117 nvidia_modeset

-- 
Grant Edwards               grant.b.edwards        Yow! Did I do an INCORRECT
                                  at               THING??
                              gmail.com
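
The reply's argument rests on /lib/modules and /boot being writable only by root. The script below is an added example, not part of the original message, that checks that assumption on a given box; the function name find_untrusted_writable and its argument order are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): list every entry under
# the given directories that someone other than the expected owner could
# modify, i.e. entries that are
#   - not owned by the expected uid, or
#   - group-writable, or
#   - world-writable.
# On a correctly installed system, running this with owner 0 against
# /lib/modules and /boot prints nothing.
#
# Usage: find_untrusted_writable OWNER_UID DIR [DIR...]
# find_untrusted_writable is a hypothetical helper name.
find_untrusted_writable() {
    owner=$1
    shift
    for dir in "$@"; do
        # Skip paths that do not exist on this machine.
        [ -d "$dir" ] || continue
        # Symlinks are skipped: their own mode bits are not meaningful.
        # -perm -0020 = group-writable, -perm -0002 = world-writable.
        find "$dir" ! -type l \
            \( ! -user "$owner" -o -perm -0020 -o -perm -0002 \) \
            -print 2>/dev/null
    done
}

# When called with arguments, run the check directly, e.g.
#   sh check.sh 0 /lib/modules /boot
# (check.sh is an assumed file name for this script).
[ "$#" -eq 0 ] || find_untrusted_writable "$@"
```

Any path it prints is a place where a non-root account could replace a module or kernel image that root will later load.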