Subject: Re: LKM's shouldn't be allowed to be loaded in multiuser mode.
To: None <tech-kern@NetBSD.ORG>
From: matthew green <mrg@mame.mu.OZ.AU>
List: tech-kern
Date: 03/19/1995 11:47:40

you have to pay something for security. to have the concept of
securelevel, it means that you lose some things that are otherwise
doable. this includes the ability to load extra modules as you
want. if you want to be able to do this, then you have to give
up the extra security that securelevel gives you. the ability to
load *any* random code into the kernel means you've got the
ability to do anything to the system. securelevel is supposed to
stop you from having that -- no write access to /dev/k?mem, or to
the disk devices while securelevel > 0.

you may as well not have securelevel if you are going to allow
lkm's with securelevel > 0. i.e., if you are kernel hacking and
are using lkm's, then you'd be best to run with securelevel = -1
and not have to worry about it.

.mrg.