Subject: Re: LKM support
To: Michael Graff <explorer@flame.org>
From: Bill Studenmund <skippy@macro.stanford.edu>
List: current-users
Date: 11/08/1996 11:24:57
[I'm adding bsd-lkm as I like the idea of all BSDs sharing lkm design.
I'm leaving current-users as I'm not on bsd-lkm. Would tech-kern be
better?]

On 7 Nov 1996, Michael Graff wrote:

> Jim Wise <jw250@columbia.edu> writes:
[snip one load suggestion]
> I was going to suggest the following for this sort of thing:
> 
> (1) a command, run at securelevel 0, which does an md5 hash and remembers
>     the size and name of an LKM, and gives this to the kernel.
> (2) a userland daemon.  If you want dynamic loading, you run this.
> (3) a command to load a module which was previously identified in the
>     kernel.
> 
> This would more or less remove security holes from the LKM loading after
> securelevel 0 is gone part, I believe.

This idea sounds quite workable. I think you're right about closing
security holes. Would it be reasonable to support multiple versions of the
same module? The idea would be to support testing of a new module in a
"real" environment.

I.e., you have both modules around at boot (and you've tested the new one
and think it's ok). You load one of them (the new one) and let users test
it. If it causes problems (you/they found new bugs), you unload that
version and load a fall-back, working version w/o rebooting. Obviously
you'd lose all functionality of the module when you rip it out.

Take care,

Bill
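
The scheme discussed in this thread, as a user-space model added here as an example (it is not code from either poster or from any BSD kernel): modules are fingerprinted while securelevel is 0, and later loads are accepted only for registered images, with several versions allowed under one name. `ModuleRegistry`, its methods and the module name are hypothetical, the images are constructed samples, and SHA-256 stands in for the MD5 named in the post because MD5 is no longer collision resistant.

```python
import hashlib
import hmac

class ModuleRegistry:
    """User-space model of the kernel-side table; all names are hypothetical."""
    def __init__(self):
        self.securelevel = 0
        self._allowed = {}   # name -> set of (size, sha256 hex digest)
        self.loaded = {}     # name -> digest of the version currently loaded

    @staticmethod
    def _fingerprint(image: bytes):
        return len(image), hashlib.sha256(image).hexdigest()

    def register(self, name: str, image: bytes) -> None:
        # Step (1): only possible while securelevel is still 0.
        if self.securelevel > 0:
            raise PermissionError("registration closed: securelevel > 0")
        self._allowed.setdefault(name, set()).add(self._fingerprint(image))

    def raise_securelevel(self) -> None:
        self.securelevel += 1   # one-way; there is no method to lower it

    def load(self, name: str, image: bytes) -> str:
        # Step (3): hash the exact bytes being loaded, not a path checked earlier.
        size, digest = self._fingerprint(image)
        for ok_size, ok_digest in self._allowed.get(name, ()):
            if size == ok_size and hmac.compare_digest(digest, ok_digest):
                self.loaded[name] = digest
                return digest
        raise PermissionError(f"{name}: image was not registered at securelevel 0")

    def unload(self, name: str) -> None:
        self.loaded.pop(name, None)

# Constructed sample images standing in for two builds of one module.
OLD_BUILD = b"\x7fELF constructed sample: if_foo v1"
NEW_BUILD = b"\x7fELF constructed sample: if_foo v2"
TAMPERED = b"\x7fELF constructed sample: if_foo v2 + patch"

def demo():
    reg = ModuleRegistry()
    reg.register("if_foo", OLD_BUILD)   # both versions present at boot
    reg.register("if_foo", NEW_BUILD)
    reg.raise_securelevel()
    reg.load("if_foo", NEW_BUILD)       # trial of the new version
    reg.unload("if_foo")
    reg.load("if_foo", OLD_BUILD)       # fall back without rebooting
    return reg
```

Keying the table by name with a set of fingerprints is what lets both versions coexist; an image that matches neither entry is refused once securelevel has been raised.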