tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel module loading vs securelevel



On Sat, Oct 16, 2010 at 08:53:52PM +0900, Izumi Tsutsui wrote:
> > > Hmm, what do you think about this feature?
> > > Only available in INSECURE environment?
> 
> > We trust modules at the time when they're installed into the trusted
> > place, same as kernel itself.  I think prohibiting module load  at
> > run-time is rather pointless.
> 
> Well I think the point is whether we should require INSECURE or not
> to use module autoload/autounload after multiuser.
> 
> If we should I'll enable options INSECURE by default on ports
> that require options MODULAR (to save kernel file size).

Do not do that.  You will introduce a significant security regression
just for your own convenience.

Thor


Home | Main Index | Thread Index | Old Index