[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kernel module loading vs securelevel
On Sat, Oct 16, 2010 at 08:53:52PM +0900, Izumi Tsutsui wrote:
> > > Hmm, what do you think about this feature?
> > > Only available in INSECURE environment?
> > We trust modules at the time when they're installed into the trusted
> > place, same as kernel itself. I think prohibiting module load at
> > run-time is rather pointless.
> Well I think the point is whether we should require INSECURE or not
> to use module autoload/autounload after multiuser.
> If we should I'll enable options INSECURE by default on ports
> that require options MODULAR (to save kernel file size).
Do not do that. You will introduce a significant security regression
just for your own convenience.
Main Index |
Thread Index |