public inbox for gentoo-user@lists.gentoo.org
From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Module philosophy: Compile-in or Load
Date: Mon, 12 Jun 2006 14:00:14 -0700
Message-ID: <448DD5DE.1040001@badapple.net>
In-Reply-To: <fab7f7b40606121116w1f23dd2dofe34085714017984@mail.gmail.com>

Evan Klitzke wrote:
> On 6/11/06, Anthony E. Caudel <acaudel@gt.rr.com> wrote:
>> I was wondering what gentoo-users think and practice about kernel
>> modules.  Do most compile them in the kernel or load them at boot-up.
> 
> I have heard a security argument made that it is safer to compile
> everything into the kernel, and disable support for modules entirely.
> The reason for this is that if someone can load malicious modules on
> your system they can basically circumvent any security systems you are
> using, including things like SELinux and grsec.

	If an attacker can load malicious modules into your kernel I'd argue 
that your security model has already failed and failed spectacularly. 
Sounds like security as thought up by someone who has never had to 
manage a system unless someone has a plausible attack scenario.

kashani
-- 
gentoo-user@gentoo.org mailing list


