> > IMHO, this is a _much_ better solution than having the kernel go looking
> > for LKMs as needed, as it allows explicit control over which LKMs the
> > kernel can load, and also allows ldconfig-style shortcuts to be built for
> > registered modules
> > 
> 
> I think this sounds like a really intriguing idea.  

Me too.  

One other thing that might be very useful would be the
concept of signed LKMs, using certificates.  Netscape recently announced
that they'd be doing this for plug-ins and Java applets as part 
of their security efforts.  Microsoft is apparently doing something
similar as part of ActiveX/DirectX.  The attractive thing would be
if the sysadmin could specify a policy that allows later registration
of signed LKMs -- this might be very useful, e.g., for remote administration
and updates.  These signatures are designed to be very hard to forge;
and I've been told that cryptography that is used for certificate
generation and verification is not classified as munitions.

Using X.509 certificates, it is not very hard to specify a trust
hierarchy back to a root; and with SET (the Visa/Mastercard Secure
Electronic Transaction standard) driving the creation of an X.509
certificate infrastructure, we'd be working with something that is
likely to be well supported.

--Terry
tmm@mcci.com	tel: +1-607-277-1029	fax: +1-607-277-6844