> The idea of Linux loading/unloading kernel modules on the fly in a running
> system bothers me, and strikes me as a hell of a security hole if an
> intruder gains the ability to write to the root filesystem. Let's not go
> that route, please.

Actually, the idea is not so bad. If securelevel is set no modules should be 
allowed to be loaded, and you either compile the thing in, or load it at 
boot-time. If, on the other hand, securelevel is not set to a secure level, 
and module loads are allowed, automagically loading and unloading modules 
would not be so bad.

The talk about an indruder being able to write to the root disk doesn't buy 
you much, if he can write to the root fs, he can just insert a new kernel and 
wait for a reboot.

My sleep-deprived idea: load a list of allowed modules into the kernel att 
boot-time, and mark those modules as immutable. Afterwards, only modules from 
the "allowed list" can be loaded. Since the immutable flag is set, the modules 
should be as safe as the kernel itself (provided the securelevel is 
appropriatly set, of course).

Peter