From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-43624-garchives=archives.gentoo.org@gentoo.org>)
	id 1Fpr9z-00055q-06
	for garchives@archives.gentoo.org; Mon, 12 Jun 2006 18:29:11 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k5CIRDFw003468;
	Mon, 12 Jun 2006 18:27:13 GMT
Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.183])
	by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k5CIGuYe004890
	for <gentoo-user@lists.gentoo.org>; Mon, 12 Jun 2006 18:16:57 GMT
Received: by py-out-1112.google.com with SMTP id x31so1768946pye
        for <gentoo-user@lists.gentoo.org>; Mon, 12 Jun 2006 11:16:56 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=TgGempORXNQ169T+I+Hnd6ujF3PXTGKLaDts9il8lgN/SzzRNIHev3Axku02/CTGDNvaWsNhvOppgig6menW1P/iGvawGVPBU/fjrNgGt++HkyVGO48trrmgGwbsX6ZwxXAo8E8LB66fl2cdG/Wa16ci1s0ZWSV5pOdzsPv9bI0=
Received: by 10.35.45.14 with SMTP id x14mr1216573pyj;
        Mon, 12 Jun 2006 11:16:56 -0700 (PDT)
Received: by 10.35.125.14 with HTTP; Mon, 12 Jun 2006 11:16:56 -0700 (PDT)
Message-ID: <fab7f7b40606121116w1f23dd2dofe34085714017984@mail.gmail.com>
Date: Mon, 12 Jun 2006 11:16:56 -0700
From: "Evan Klitzke" <eklitzke@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Module philosophy: Compile-in or Load
In-Reply-To: <448CFAAA.7030102@gt.rr.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <448CFAAA.7030102@gt.rr.com>
X-Archives-Salt: 707126a0-abaa-4054-b8bc-4d275c198f39
X-Archives-Hash: ae7e34ba63b68a96444b54a38cc25b5c

On 6/11/06, Anthony E. Caudel <acaudel@gt.rr.com> wrote:
> I was wondering what gentoo-users think and practice about kernel
> modules.  Do most compile them in the kernel or load them at boot-up.

I have heard a security argument made that it is safer to compile
everything into the kernel, and disable support for modules entirely.
The reason for this is that if someone can load malicious modules on
your system they can basically circumvent any security systems you are
using, including things like SELinux and grsec.

-- Evan Klitzke
-- 
gentoo-user@gentoo.org mailing list