* Philipp Kern <pk...@debian.org> [111226 12:02]: > Sorry, but what kind of argumentation is that? If the admin doesn't notice > reboots and/or file tampering, I could just replace the kernel with my > modified > one and reboot. Now of course you could increase your paranoia and boot the > kernel from an immutable disc. But then I'd just load all relevant modules in > the initramfs and set modules_disabled there instead of doing custom built > kernels just to get rid of modules.
As you pointed out so nicely: modules_disabled is only a replacement if you have a custom initramfs and do not allow that to be modified automatically. So from the point of the original discussion, modules_disabled is no solution. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111226180337.gb2...@server.brlink.eu