Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Oct 2001 03:25:23 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Holtor <holtor@yahoo.com>
Cc:        stable@FreeBSD.ORG, current@FreeBSD.ORG
Subject:   Re: options NO_KLD
Message-ID:  <20011009032522.J350@blossom.cjclark.org>
In-Reply-To: <20011008184837.31143.qmail@web11604.mail.yahoo.com>; from holtor@yahoo.com on Mon, Oct 08, 2001 at 11:48:37AM -0700
References:  <20011008184837.31143.qmail@web11604.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Oct 08, 2001 at 11:48:37AM -0700, Holtor wrote:
> Will this NO_KLD option be commited to
> -current and then hopefully -stable?
> 
> I have been checking the LINT file each morning
> after the nightly cvsup runs hoping to find this
> option in there but so far havent seen it in
> sight.
> 
> Any ideas?

I got four, count 'em, four, emails from people who thought it was the
neatest thang since sliced bread. I was surprised there were no
flames, but none of those. (Well, one came close.)

As I said, I was never planning to commit it. The illusion of security
is more dangerous than knowing the problem is there. The patch makes
it a little harder to get code into a running kernel, but does not
come close to stopping it. As lame as securelevel(8) is, you are much
better off figuring out how to raise it and still retain whatever
functionality you need.

This is what I've already said on -security,

  http://docs.freebsd.org/cgi/getmsg.cgi?fetch=297347+0+archive/2001/freebsd-security/20011007.freebsd-security

And the original patches,

  http://docs.freebsd.org/cgi/getmsg.cgi?fetch=172366+0+archive/2001/freebsd-security/20011007.freebsd-security

But hey, if people want it, I CAN JUST WRITE THE WARNINGS IN ALL CAPS
IN THE NOTES FILE and try not to be disappointed when they still don't
read it.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011009032522.J350>