Subject: Re: LKMs (was Re: IPSEC in GENERIC)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 02/21/2006 11:31:07
On Mon, Feb 20, 2006 at 12:23:09PM -0500, der Mouse wrote:
> >> I'm with you. I've been hacking kernels (or the equivalent) since
> >> 1967. I'd much rather have LKMs. If I were king, I'd decree that
> >> *all* device drivers must be loadable, and *all* device drivers
> >> should be dynamically loaded except for those that are necessary to
> >> boot the system and read in new device drivers.
>
> If I were trying to build hardened systems, I'd be really glad you're
> not king. One of the first things I do when building a
> security-critical system is remove LKM capability. Securing one file
> (which may not even be a normal file) on boot media is a significantly
> easier task than securing a few dozen files in the running system's
> filesystem.
Uhm, you and a few other folks have talked about embedded systems in this
manner, and I really don't understand it. If you are doing embedded system
work, WTF is your root file system actually coming off of the boot media?
My experience is that it's far saner to do something like what NetBSD does
for install kernels. Put the root file system (with all the binaries) in
the kernel. Then mount the boot media somewhere and have symlinks from
/etc and such into that directory. Since everything you execute came with
the kernel, you do not have binary versioning issues (though you still
have configuration versioning issues).
That said, a static kernel is probably still better. Files take up space
on the root file system (in memory), and loading an LKM would then need
that duplicated into KVM. So loaded modules would take up twice the space.
Take care,
Bill