Evan Klitzke wrote:
On 6/11/06, Anthony E. Caudel <[EMAIL PROTECTED]> wrote:
I was wondering what gentoo-users think and practice about kernel
modules.  Do most compile them in the kernel or load them at boot-up?

I have heard a security argument made that it is safer to compile
everything into the kernel, and disable support for modules entirely.
The reason for this is that if someone can load malicious modules on
your system they can basically circumvent any security systems you are
using, including things like SELinux and grsec.

If an attacker can load malicious modules into your kernel, I'd argue that your security model has already failed and failed spectacularly. Sounds like security as thought up by someone who has never had to manage a system unless someone has a plausible attack scenario.

kashani
--
gentoo-user@gentoo.org mailing list
