From owner-freebsd-current  Tue Oct  9  3:26:37 2001
Delivered-To: freebsd-current@freebsd.org
Received: from avocet.mail.pas.earthlink.net (avocet.mail.pas.earthlink.net [207.217.121.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id C7BCC37B405; Tue,  9 Oct 2001 03:26:29 -0700 (PDT)
Received: from dialup-209.247.139.131.dial1.sanjose1.level3.net ([209.247.139.131] helo=blossom.cjclark.org)
	by avocet.mail.pas.earthlink.net with esmtp (Exim 3.32 #2)
	id 15qu5f-00077A-00; Tue, 09 Oct 2001 03:26:24 -0700
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id f99APNU09133;
	Tue, 9 Oct 2001 03:25:23 -0700 (PDT)
	(envelope-from cjc)
Date: Tue, 9 Oct 2001 03:25:23 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Holtor <holtor@yahoo.com>
Cc: stable@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: options NO_KLD
Message-ID: <20011009032522.J350@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011008184837.31143.qmail@web11604.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011008184837.31143.qmail@web11604.mail.yahoo.com>; from holtor@yahoo.com on Mon, Oct 08, 2001 at 11:48:37AM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Mon, Oct 08, 2001 at 11:48:37AM -0700, Holtor wrote:
> Will this NO_KLD option be commited to
> -current and then hopefully -stable?
> 
> I have been checking the LINT file each morning
> after the nightly cvsup runs hoping to find this
> option in there but so far havent seen it in
> sight.
> 
> Any ideas?

I got four, count 'em, four, emails from people who thought it was the
neatest thang since sliced bread. I was surprised there were no
flames, but none of those. (Well, one came close.)

As I said, I was never planning to commit it. The illusion of security
is more dangerous than knowing the problem is there. The patch makes
it a little harder to get code into a running kernel, but does not
come close to stopping it. As lame as securelevel(8) is, you are much
better off figuring out how to raise it and still retain whatever
functionality you need.

This is what I've already said on -security,

  http://docs.freebsd.org/cgi/getmsg.cgi?fetch=297347+0+archive/2001/freebsd-security/20011007.freebsd-security

And the original patches,

  http://docs.freebsd.org/cgi/getmsg.cgi?fetch=172366+0+archive/2001/freebsd-security/20011007.freebsd-security

But hey, if people want it, I CAN JUST WRITE THE WARNINGS IN ALL CAPS
IN THE NOTES FILE and try not to be disappointed when they still don't
read it.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message