Subject: Re: loading lkm's
To: Matthias Scheler <tron@lyssa.owl.de>
From: Chris G. Demetriou <cgd@cs.cmu.edu>
List: current-users
Date: 03/15/1997 23:26:36
> BTW I would like to see an option that enables module loading in
> multi user mode but doesn't allow the other things that come with
> "options INSECURE".

So, let's think about this for a second.

The purpose of the various 'secure' modes is to keep users, including
root, from doing 'bad things' (writing to disks inappropriately,
writing to kmem or mem, disabling files' immutability, etc.).

If you allow loading of LKMs in these 'secure' modes, what's to
prevent those LKMs from disabling kernel security, thereby defeating
the complete notion of kernel security?  There's already a sample LKM
which can do that for any hacker who might want it...


So, how is 'secure but with LKMs enabled' at all different (from a
security perspective) from 'insecure'?



cgd