From: Olaf Hoyer
To: advocacy@FreeBSD.ORG
Date: Fri, 24 Mar 2000 02:33:30 +0100
Subject: Re: New article
Message-Id: <4.1.20000324022914.00cbed30@mail.rz.fh-wilhelmshaven.de>
In-Reply-To: <38DAB25B.E2BBC400@newsguy.com>

>> > Legacy hardware will still need to be hand configured (though not
>> > necessarily built in the kernel), and some kernel options are probably
>> > unavoidable.
>>
>> But could potentially be configured through a loader script, rather
>> than compiled into the kernel.

Hi!

Question:
Is a loadable kernel module not a potential security risk?

I mean, if some module (which runs in a deeper, privileged mode) has some malicious code in it, or simply is buggy, and is loaded during runtime, it could cause a box to simply crash.
Imagine some attacker exchanging some kernel module for their own code, and causing that module to be loaded (say, some driver for access to certain filesystems, or zip drive etc...), or waiting for the module to be loaded (say, for regular, scheduled activities like backups or batch jobs or so).

Wouldn't it be safer, from a technical point of view, to allow as few kernel modules as possible, thus enhancing stability and uptime?

Regards
Olaf Hoyer

--------
Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de
FreeBSD- Turning PC's into workstations ICQ:22838075
Love and hate are not blind, but blinded by the fire that they carry within themselves. (Nietzsche)
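
The case raised in the message above, a module file swapped on disk and loaded later by a scheduled job, can be caught before load time by comparing the module directory with a trusted baseline. This is an added example, not part of the original post or of FreeBSD: the function names, the `.ko` suffix filter, the `trusted_uid` default of 0 and the sample file names are assumptions, and the sample files are constructed placeholders.

```python
import hashlib, os, pathlib, stat, tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write access for anyone but the owner

def sha256_file(path):
    return hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()

def modules(module_dir):
    return sorted(n for n in os.listdir(module_dir) if n.endswith(".ko"))

def snapshot(module_dir):
    """Trusted baseline {file name: sha256}, taken while the box is known good."""
    return {n: sha256_file(os.path.join(module_dir, n)) for n in modules(module_dir)}

def audit(module_dir, baseline, trusted_uid=0):
    """Return (name, finding) pairs for every deviation from the baseline."""
    findings = []
    if os.stat(module_dir).st_mode & LOOSE:
        findings.append((".", "directory writable by group/other"))
    for name in modules(module_dir):
        path = os.path.join(module_dir, name)
        st = os.lstat(path)  # lstat: a symlink must not pass as a module file
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        if st.st_uid != trusted_uid:
            findings.append((name, "unexpected owner"))
        if st.st_mode & LOOSE:
            findings.append((name, "writable by group/other"))
        if name not in baseline:
            findings.append((name, "not in baseline"))
        elif sha256_file(path) != baseline[name]:
            findings.append((name, "content changed"))
    missing = sorted(set(baseline) - set(modules(module_dir)))
    return findings + [(n, "missing") for n in missing]

def demo():
    """Constructed sample: placeholder files standing in for real modules."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("backup_fs.ko", "zip_drive.ko"):
            pathlib.Path(d, name).write_bytes(b"constructed placeholder: " + name.encode())
            os.chmod(os.path.join(d, name), 0o644)
        baseline = snapshot(d)
        # Simulate the swap described in the message, plus a loosened permission.
        pathlib.Path(d, "zip_drive.ko").write_bytes(b"swapped after the baseline was taken")
        os.chmod(os.path.join(d, "backup_fs.ko"), 0o666)
        return audit(d, baseline, trusted_uid=os.getuid())

if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where an attacker who can write the module directory cannot also rewrite it, for example on read-only media.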