Subject: Re: LKMs (was Re: IPSEC in GENERIC)
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 02/20/2006 12:23:09

>> I'm with you. I've been hacking kernels (or the equivalent) since
>> 1967. I'd much rather have LKMs. If I were king, I'd decree that
>> *all* device drivers must be loadable, and *all* device drivers
>> should be dynamically loaded except for those that are necessary to
>> boot the system and read in new device drivers.

If I were trying to build hardened systems, I'd be really glad you're
not king. One of the first things I do when building a
security-critical system is remove LKM capability. Securing one file
(which may not even be a normal file) on boot media is a significantly
easier task than securing a few dozen files in the running system's
filesystem.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B