I would tend to disagree: if all the files involved are only writable by
root, there is no reason why we shouldn't trust dynamically loadable
modules. The basic theory, IMHO, is that if there is no reason why
something is fundamentally untrustable without castration, we should make
every reasonable attempt to make it trustworthy. As far as I can tell,
there is no reason why dynamically loaded modules are fundamentally
untrustable, assuming that we trust all users who can write to any of the
files involved in the process of loading the module, *after the trigger*.
That is to say, if we trust /etc/{modules.conf,conf.modules},
/proc/sys/kernel/modprobe (and the file it points to), and the module
itself, there is no reason that dynamically loading the module should be any
less safe than allowing the user to use compiled-in kernel drivers.
I certainly won't disagree, however, if you are saying that anyone who
can load _arbitrary_ kernel modules is special -- indeed, more powerful
than even root without that power.
-=- James Mastros
-- True mastery is knowing enough to bullshit the rest. -=- Me
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu
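An added example, not part of the original message or of any kernel tooling: a shell audit of the condition the message relies on, that every file in the module-loading chain, and the directory holding it, is owned by root and not writable by group or others. It assumes GNU `stat`; the function names and the `TRUSTED_UID` override are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files a demand-loaded module depends on.
# Assumes GNU stat (-c). Function names are hypothetical.

# node_ok PATH UID: true if PATH is owned by UID and has no group/other write bit.
node_ok() {
    owner=$(stat -L -c %u "$1" 2>/dev/null) || return 1
    mode=$(stat -L -c %a "$1" 2>/dev/null) || return 1
    [ "$owner" = "$2" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# audit_chain UID PATH...: check each existing PATH and its containing directory.
# Prints one line per finding; returns non-zero if anything is untrusted.
audit_chain() {
    uid=$1; shift
    bad=0
    for p in "$@"; do
        [ -e "$p" ] || continue      # e.g. only one of the two config names exists
        for n in "$p" "$(dirname "$p")"; do
            if ! node_ok "$n" "$uid"; then
                echo "UNTRUSTED: $n"
                bad=1
            fi
        done
    done
    return $bad
}

# audit_module_loading [MODULE_FILE...]: the chain named in the message:
# both config file names, /proc/sys/kernel/modprobe, the helper it names,
# and any module files passed as arguments.
audit_module_loading() {
    helper=$(cat /proc/sys/kernel/modprobe 2>/dev/null)
    audit_chain "${TRUSTED_UID:-0}" \
        /etc/modules.conf /etc/conf.modules \
        /proc/sys/kernel/modprobe ${helper:+"$helper"} "$@"
}

# Run only when module paths are given, e.g.:  sh audit.sh /path/to/module.o
[ $# -eq 0 ] || audit_module_loading "$@"
```

The check covers only the immediate directory of each file; a writable ancestor directory higher up the path would also break the assumption and is not examined here.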