Mitch Bradley wrote:
> From a security standpoint, there is an advantage to building in
> everything. The main kernel is verified with a crypto signature before
> it is executed. Loading a module without first verifying a
> similarly-strong signature weakens the security.
>
Loadable kernel modules are enabled in the config. This argument is moot.

You can sign modules, RHEL supports this by default and has a boot option for it. More interesting, some cute hacks have been done before to get write access to the kernel through /dev/(k)mem, evading the "protection" of kernels not supporting modules. This is of course fixable.

> Modules are a good idea for kernels that are intended to run on a wide
> variety of hardware. I am in favor of treating XO like an appliance and
> making the kernel as monolithic as possible.

I don't favor loading in modules for Joliet and other CD-ROM stuff, for RAMFS (which shouldn't be used anyway, use TMPFS), ROMFS (is this even used?), NTFS, ext2, ext3, etc. that's not with the system by default. All these can be loadable modules.

>
> _______________________________________________
> Devel mailing list
> [email protected]
> http://lists.laptop.org/listinfo/devel
>

--
Bring back the Firefox plushy!
http://digg.com/linux_unix/Is_the_Firefox_plush_gone_for_good
https://bugzilla.mozilla.org/show_bug.cgi?id=322367
