tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel module loading vs securelevel



>  > > It would seem to be intentional.  After all, kernel modules can
>  > > do all sorts of nasty things if they want to.
>  > 
>  > In that case, module autoload/autounload is not functional at all and
>  > we have to specify all possible necessary modules explicitly
>  > during boot time??
> 
> Yes. Otherwise it's quite easy to defeat securelevel by causing the
> loading of a module that resets it to -1.

Hmm, what do you think about this feature?
Only available in INSECURE environment?

>> Working file: kern_module.c
>> revision 1.26
>> date: 2008/11/14 23:06:45;  author: ad;  state: Exp;  lines: +85 -3
>> - If the system encounters a severe memory shortage, start unloading
>>   unused kernel modules.
>> - Try to unload any autoloaded kernel modules 10 seconds after their
>>   load was successful.

---
Izumi Tsutsui


Home | Main Index | Thread Index | Old Index