Re: Proposal: Disable autoload of compat_xyz modules

To: tech-kern%NetBSD.org@localhost
Subject: Re: Proposal: Disable autoload of compat_xyz modules
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Wed, 2 Aug 2017 23:08:06 +0200

On Wed, Aug 02, 2017 at 08:52:15PM +0200, Maxime Villard wrote:
> I disagree. The cost of doing a modload is low enough compared to the
> configuration needed to use compat_linux. Just like the command you quoted.

If I wanted OpenBSD, I know were to get it. There is a balance between
pissing off people and providing security. If you want to minimize the
attack surface at all cost of *your* system, you are free to do so.
Otherwise it has to be balanced. So far modules have primarily created
problems for a lot of people without any gain. Disabling rarely used
code is one thing, disabling commonly used code is something else. Stop
pushing for "security" as a single goal above else. It doesn't make you
more credible, it just makes people shot down sensible proposal as knee
jerk reaction because they are waiting for the insane follow-up.

Joerg

Follow-Ups:
- Re: Proposal: Disable autoload of compat_xyz modules
  - From: Maxime Villard

References:
- Re: Proposal: Disable autoload of compat_xyz modules
  - From: Taylor R Campbell
- Re: Proposal: Disable autoload of compat_xyz modules
  - From: Maxime Villard

Prev by Date: Re: Proposal: Disable autoload of compat_xyz modules
Next by Date: Re: Proposal: Disable autoload of compat_xyz modules
Previous by Thread: Re: Proposal: Disable autoload of compat_xyz modules
Next by Thread: Re: Proposal: Disable autoload of compat_xyz modules
Indexes:

Home | Main Index | Thread Index | Old Index