IIRC I posted the comment erroneously (I wanted to post it on the previous article: "KHB: Recovering Device Drivers: From Sandboxing to Surviving").
Anyway, my idea was that regular device drivers modules are usually associated with hardware management and loaded according to some hardware-related event (possibly kernel-controlled in the first place). So you can build something where such kernel code could be trusted, even if loaded dynamically.
However, with a security orientation, one usually try to refrain from using admnistrator-loadable modules in order to avoid that a successful attack enables the attacker to install kernel level backdoors (nearly impossible to detect).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds