From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Date: Mon, 12 Jun 2006 20:16:39 +0100
Subject: Re: [gentoo-user] Module philosophy: Compile-in or Load
Message-ID: <20060612201639.5df7b181@hactar.digimed.co.uk>

On Mon, 12 Jun 2006 11:16:56 -0700, Evan Klitzke wrote:

> I have heard a security argument made that it is safer to compile
> everything into the kernel, and disable support for modules entirely.
> The reason for this is that if someone can load malicious modules on
> your system they can basically circumvent any security systems you are
> using, including things like SELinux and grsec.

This is only relevant if all your hardware can be supported by in-kernel
modules. Add one item that needs a 3rd party module and you are forced to
enable module loading.

-- 
Neil Bothwick

"Bother," said Pooh, as the vice squad took his GIFS