On 2019-03-22, Peter Humphrey <[email protected]> wrote:
> Years ago, in the days of Yggdrasil I think,
Wow, that triggers a flashback! My first Linux install was Yggdrasil,
and it took _hours_ to boot. The smartasses at Yggdrasil insisted on
trying to play an audio clip that said something like "Welcome to
Yggdrasil" on startup. My machine didn't have an audio card, so the
fallback was to try to play it by bit-banging the normal PC speaker
that was connected to a PIO pin. It would sit there clicking the damn
speaker trying to play the audio clip for most of the afternoon before
it would continue the startup. I installed a different distro as soon
as I could get hold of one...
> the received wisdom was that enabling kernel module loading was a
> bad idea because an attacker might be able to load malicious
> software directly into the kernel. No modules --> one more attack
> route closed.
If an attacker can write to your /lib/modules directory, he's got root
and all is lost: he can just as easily write to your /boot directory
or anything else, so I don't see why there's any additional risk.
Unless you're talking about loading kernel modules from a flash drive
you found on the sidewalk... that's definitely a Bad Idea(tm).
> What is the current thinking on this topic? I'm not trolling; I'd
> like to know which way to go with a new box.
On Gentoo machines, I usually configure the driver with built-in drivers
for what I need and run mostly module-free except for...
$ lsmod
Module                  Size  Used by
nvidia_drm             40960  1
nvidia_modeset       1007616  2 nvidia_drm
nvidia              13877248  117 nvidia_modeset
--
Grant Edwards grant.b.edwards Yow! Did I do an INCORRECT
at THING??
gmail.com