Subject: Re: LKMs (was Re: IPSEC in GENERIC)
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 02/21/2006 15:16:13
>>>> If I were king, I'd decree that *all* device drivers must be
>>>> loadable, and *all* device drivers should be dynamically loaded
>>>> except for those that are necessary to boot the system and read in
>>>> new device drivers.
>> If I were trying to build hardened systems, I'd be really glad
>> you're not king.  [...]
> Uhm, you and a few other folks have talked about embedded systems in
> this manner, and I really don't understand it.

I actually wrote "hardened", not "embedded".  They share some design
criteria, but are a long long way from being the same thing.

> If you are doing embedded system work, WTF is your root file system
> actually coming off of the boot media?

It might not be; boot media and root media do not necessarily bear any
particular relationship to one another.  However, what does that have
to do with anything?

> My experience is that it's far saner to do something like what NetBSD
> does for install kernels.  Put the root file system (with all the
> binaries) in the kernel.

Yes, sometimes that's a sane choice.  But sometimes it's not.

> That said, a static kernel is probably still better.  Files take up
> space on the root file system (in memory), and loading an LKM would
> then need that duplicated into KVM.  So loaded modules would take up
> twice the space.

Yes.  But, more important from a hardening point of view, if the kernel
doesn't have LKM support, it's *much* harder to load a rootkit-style
module into it at run time.  (If it has LKM support but it's disabled
eg via securelevel, you are pinning all your security on the memory
word holding securelevel.  If you don't even have LKM support in the
kernel, it's a great deal more difficult to do the equivalent of
loading an LKM, even if it may be just as theoretically possible.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B