Has anyone put any thought into putting restrictions on what a module
can modify when loaded into the kernel? If there is, say, ever binary
third-party driver support and this is provided without source, some
restrictions on what kernel data this module can link to and modify
when loaded might be a good idea.

I was thinking something along the lines of a list of symbols that a
kernel module may call, and a list of symbols that a kernel module may
modify. Allowing the update of these lists may be a little tricky to
prevent already loaded modules from detecting this and adding their own

Doing this with module types might be simple. When a module is loaded
it would contain flags to the module type(s) it uses and this
selects the list of symbols it may interact with. A module may then
be used to update these symbols but root is warned and must OK a load
of a kernel module with the type which allows updating the symbol

With the module types it would also help prevent a module from messing
around in an area that is not expected from such a module. e.g. a
network driver messing around in the VFS.

Any thoughts?

- Jason
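A user-space model of the load-time check proposed above, added here as an illustration and not code from the post or from any kernel. The type flags, symbol names, and policy table are all constructed, and it assumes the type that needs root's OK is the one allowed to update the symbol lists.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical module types, carried as flags in the module image. */
enum { MT_NET = 1u << 0, MT_VFS = 1u << 1, MT_POLICY = 1u << 2 };
enum { ACC_CALL = 1u << 0, ACC_MODIFY = 1u << 1 };
enum verdict { V_DENY, V_ALLOW, V_NEEDS_ROOT_OK };
struct sym_rule { const char *name; unsigned types, access; };
struct sym_ref  { const char *name; unsigned access; };

/* Constructed policy: which module types may call/modify which symbols. */
static const struct sym_rule policy[] = {
    { "net_rx_enqueue",  MT_NET,    ACC_CALL },
    { "net_dev_stats",   MT_NET,    ACC_CALL | ACC_MODIFY },
    { "vfs_lookup",      MT_VFS,    ACC_CALL },
    { "vfs_mount_list",  MT_VFS,    ACC_CALL | ACC_MODIFY },
    { "sym_policy_list", MT_POLICY, ACC_CALL | ACC_MODIFY },
};

/* 1 if a module of the given type(s) may access sym in the way requested. */
static int symbol_allowed(unsigned types, const char *sym, unsigned want)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (strcmp(policy[i].name, sym) == 0 && (policy[i].types & types)
            && (policy[i].access & want) == want)
            return 1;
    return 0;   /* default deny: unlisted symbols are off limits */
}

/* Check every symbol reference at load time; *bad names the first violation. */
static enum verdict check_load(unsigned types, const struct sym_ref *refs,
                               size_t n, int root_ok, const char **bad)
{
    *bad = NULL;
    for (size_t i = 0; i < n; i++)
        if (!symbol_allowed(types, refs[i].name, refs[i].access)) {
            *bad = refs[i].name;
            return V_DENY;
        }
    /* A type that can update the lists needs root's explicit OK. */
    return ((types & MT_POLICY) && !root_ok) ? V_NEEDS_ROOT_OK : V_ALLOW;
}

/* Constructed sample: a network driver that also pokes at VFS state. */
static const struct sym_ref rogue_net[] = {
    { "net_rx_enqueue", ACC_CALL }, { "vfs_mount_list", ACC_MODIFY } };

int main(void) {
    const char *bad;
    return check_load(MT_NET, rogue_net, 2, 0, &bad) == V_DENY ? 0 : 1;
}
```

The model only covers references resolved through the loader; it says nothing about a binary module writing to kernel memory through raw pointers once it is running.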

