Re: kernel module loading vs securelevel

To: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Subject: Re: kernel module loading vs securelevel
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sat, 16 Oct 2010 14:46:45 -0400

On Sun, Oct 17, 2010 at 03:03:58AM +0900, Izumi Tsutsui wrote:
> > > If we should I'll enable options INSECURE by default on ports
> > > that require options MODULAR (to save kernel file size).
> > 
> > Do not do that.  You will introduce a significant security regression
> > just for your own convenience.
> 
> Heh, then why have we had it on i386 for years?

So what you're trying to suggest is that if one port, for historical
reasons, ships with an insecure setting in the default kernel, that's
an explanation of why *every* port should?

I think there's something wrong with your logic.

Thor

Follow-Ups:
- Re: kernel module loading vs securelevel
  - From: Izumi Tsutsui

References:
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon
- Re: kernel module loading vs securelevel
  - From: Izumi Tsutsui

Prev by Date: Re: kernel module loading vs securelevel
Next by Date: Re: kernel module loading vs securelevel
Previous by Thread: Re: kernel module loading vs securelevel
Next by Thread: Re: kernel module loading vs securelevel
Indexes:

Home | Main Index | Thread Index | Old Index