On Sat, Oct 16, 2010 at 08:53:52PM +0900, Izumi Tsutsui wrote: > > > Hmm, what do you think about this feature? > > > Only available in INSECURE environment? > > > We trust modules at the time when they're installed into the trusted > > place, same as kernel itself. I think prohibiting module load at > > run-time is rather pointless. > > Well I think the point is whether we should require INSECURE or not > to use module autoload/autounload after multiuser. > > If we should I'll enable options INSECURE by default on ports > that require options MODULAR (to save kernel file size).
Do not do that. You will introduce a significant security regression just for your own convenience. Thor
