Subject: Re: LKMs (was Re: IPSEC in GENERIC)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-kern
Date: 02/20/2006 12:34:22
In message <200602201726.MAA19825@Sparkle.Rodents.Montreal.QC.CA>, der Mouse writes:
>>> I'm with you.  I've been hacking kernels (or the equivalent) since
>>> 1967.  I'd much rather have LKMs.  If I were king, I'd decree that
>>> *all* device drivers must be loadable, and *all* device drivers
>>> should be dynamically loaded except for those that are necessary to
>>> boot the system and read in new device drivers.
>
>If I were trying to build hardened systems, I'd be really glad you're
>not king.  One of the first things I do when building a
>security-critical system is remove LKM capability.  Securing one file
>(which may not even be a normal file) on boot media is a significantly
>easier task than securing a few dozen files in the running system's
>filesystem.
>
You're right that it needs to be possible to build static kernels.  I'd 
love a framework where the identical .o could be used either way. 


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb