
Permission to cause kernel modules to be loaded

Posted Dec 10, 2017 21:50 UTC (Sun) by giraffedata (guest, #1954)
In reply to: Why not remove the code? by MarcB
Parent article: Restricting automatic kernel-module loading

If you think it's really strange that an unprivileged user has the power to get code added to the running kernel, you're looking at module loading the wrong way. That network protocol was already enabled; the code for it is part of the kernel installed on the computer. We just delay loading it into memory until it is needed, for reasons of efficiency.

We have to restrict a user's power to set an IP address because it affects other users, but letting the user use a network protocol, for his own messages, that no one else has used yet since boot isn't in the same category.

The concept of restricting automatic module loads to reduce the attack surface just takes advantage of that delayed loading we invented for efficiency to implement a version of the more general concept of requiring special permission to do anything, so that Trojan horses cannot exploit bugs in code the user has no need to run.




Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds