From owner-freebsd-hackers  Wed Jun  7  0:28:40 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP id 2A35B37B6AE
	for <hackers@FreeBSD.ORG>; Wed,  7 Jun 2000 00:28:38 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id AAA97354;
	Wed, 7 Jun 2000 00:28:31 -0700 (PDT)
	(envelope-from dillon)
Date: Wed, 7 Jun 2000 00:28:31 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <200006070728.AAA97354@apollo.backplane.com>
To: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
Cc: hackers@FreeBSD.ORG
Subject: Re: kerneld for FreeBSD
References: <393C11B4.D40B9EBD@vangelderen.org>
 <200006052351.QAA00547@mass.cdrom.com> <20000606215317.A1984@frolic.no-support.loc>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

    I personally consider leaving the kernel module loadable intact after
    boot to be a huge, huge security hole.  Loadable modules... fine, but
    once the machine goes multi-user I want to up the securelevel and
    that disables any further kld operations.  If one of the biggest 
    advantages of FreeBSD is its robustness and reliability, then one
    generally does not want to go loading and unloading modules all the
    time.

    A 'kerneld' like gizmo for FreeBSD would be a waste of time.  The
    scheme we have now -- having the utility programs load the modules
    on the fly (ifconfig, vnconfig, etc...) works wonderfully.

						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message