tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

module(7) man page tweaks



Index: share/man/man7/module.7
===================================================================
RCS file: /cvsroot/src/share/man/man7/module.7,v
retrieving revision 1.3
diff -u -p -r1.3 module.7
--- share/man/man7/module.7	30 Jun 2011 20:09:15 -0000	1.3
+++ share/man/man7/module.7	21 Sep 2015 23:03:20 -0000
@@ -35,11 +35,11 @@
 .Sh DESCRIPTION
 Kernel modules allow the system administrator to
 dynamically add and remove functionality from a running system.
-This ability also helps software developers to develop
+This also helps software developers add
 new parts of the kernel without constantly rebooting to
 test their changes.
 .Pp
-Additionally, the kernel may automatically load software modules as
+The kernel may automatically load software modules as
 needed to perform requested operations.
 For example, an
 .Dq xyzfs
@@ -80,11 +80,11 @@ One potential problem specific to block 
 is that the device nodes must exist for the devices to be accessed.
 These need to be created manually, after the driver module has been
 successfully loaded.
-The majority of the device driver modules however does not
+Most device driver modules do not
 need any manual intervention to function properly.
 .Ss Execution Interpreters
 Execution Interpreters can be loaded to provide support for executing
-binaries not normally supported by kernel.
+binaries not normally supported by the kernel.
 This also allows loading
 support for executing foreign system binaries.
 Execution Interpreters may require that an appropriate
@@ -99,16 +99,15 @@ An example of a "miscellaneous module" m
 card-specific VGA drivers or alternate terminal emulations in
 an appropriately layered console driver.
 .Ss Security-Model modules
-Alternate system security models may loaded using the
-.Nm
-facility.
+Alternate system security models also may be loaded using
+.Nm .
 .Sh EXAMPLES
 The common build tool of
 .Nx ,
 .Dq build.sh ,
 automatically compiles and installs all
 modules during a full system build and install.
-Sometimes it is however useful to update only modules.
+However, sometimes it is useful to update only modules.
 The following example demonstrates one way to do this.
 It is assumed that the source code is under
 .Pa /usr/src ,
@@ -187,13 +186,14 @@ It may be a good practice to maintain a 
 in the root file system for recovery purposes.
 .Sh SECURITY CONSIDERATIONS
 A module becomes part of the kernel once loaded.
-Compared to userland programs, all errors in the code can be fatal.
+Unlike in userland programs, fatal errors in kernel modules
+may crash the operating system.
 There is no memory protection between modules and the rest of the kernel.
 Hence, a potential attacker with access to the
 .Xr modctl 2
-system call can acquire complete and total control over the system.
+system call can acquire total control over the system.
 .Pp
-To avoid associated security risks, new modules can only be loaded when
+To avoid such security risks, new modules can only be loaded when
 .Pa securelevel
 is less than or equal to zero, or if the kernel was built with
 .Cd options INSECURE .


Home | Main Index | Thread Index | Old Index