loadable kernel modules are evil
Posted Dec 2, 2011 19:15 UTC (Fri) by giraffedata
In reply to: Quotes of the week
Parent article: Quotes of the week
Right. In addition to saying not to compile modules you don't use, he said to statically link the ones that you do compile into the base kernel. With the reduced amount, that is practical and it has the benefit that no hacker can change the code.
I'm sure he didn't mean for it to apply to someone developing the module, though.
Also, it seems like a poor idea to test kernel code on a system important enough to care about security. I always use a separate expendable, impotent, minimal test system for that. In fact, it's about as quick and easy to reboot that test system as to reload a module.