Stephen Hemminger wrote:
> If user asks for a congestion control type with setsockopt() then it
> may be available as a module not included in the kernel already.
> It should be autoloaded if needed. This is done already when
> the default selection is changed with sysctl, but not when application
> requests via sysctl.
>
> Only reservation is are there any bad security implications from this?

There are already a quite large number of precedents for this, I think this is one of the less questionable ones, the potential for (local) damage is limited to minimal tcp_ca_find performance impact if I don't miss anything (assuming no bugs in the modules that cause crashes or something like that).

The in my opinion most questionable autoloading is in af_netlink BTW, it will autoload any netlink provider with an appropriate module alias, which could be just about anything (examples include conntrack, which has performance and other side-effects, ULOG, which in turn loads iptables, xfrm_user, connector, ...). Other autoloading is usually limited to a clear scope of what might be affected.
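
For anyone wanting to see the scope of the af_netlink autoloading discussed in this message on their own system, the following added example (not part of the thread and not kernel code) lists the modules that carry a netlink module alias. It assumes the aliases have the form `net-pf-16-proto-<N>` and are recorded in `/lib/modules/<release>/modules.alias`; the sample text embedded in it is constructed.

```python
import re
from collections import defaultdict
from pathlib import Path

# Constructed sample in modules.alias format (not taken from a real system).
SAMPLE = """\
# Aliases extracted from modules themselves.
alias net-pf-16-proto-6 xfrm_user
alias net-pf-16-proto-11 cn
alias net-pf-16-proto-12 nfnetlink
alias net-pf-16-proto-16-family-nl80211 cfg80211
alias net-pf-10 ipv6
alias pci:v00008086d00001502sv*sd*bc*sc*i* e1000e
"""

# AF_NETLINK is address family 16; the alias carries the netlink protocol
# number and, for some modules, a further qualifier after it.
ALIAS_RE = re.compile(r"^alias\s+net-pf-16-proto-(\d+)(?:-(\S+))?\s+(\S+)$")


def netlink_autoload_targets(alias_text):
    """Map netlink protocol number -> sorted list of (module, qualifier)."""
    found = defaultdict(set)
    for line in alias_text.splitlines():
        m = ALIAS_RE.match(line.strip())
        if m:
            proto, qualifier, module = m.groups()
            found[int(proto)].add((module, qualifier or ""))
    return {p: sorted(mods) for p, mods in sorted(found.items())}


def not_loaded(targets, loaded):
    """Modules reachable through a netlink alias that are not loaded yet."""
    names = {mod for mods in targets.values() for mod, _ in mods}
    return sorted(names - set(loaded))


if __name__ == "__main__":
    import platform
    # Assumed location of the alias table; falls back to the sample above.
    path = Path("/lib/modules") / platform.release() / "modules.alias"
    text = path.read_text() if path.exists() else SAMPLE
    for proto, mods in netlink_autoload_targets(text).items():
        for module, qualifier in mods:
            print(f"proto {proto:3d}  {module}  {qualifier}")
```

Comparing the result against the first column of `/proc/modules` with `not_loaded()` shows which of these modules are present on disk but not yet loaded.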