RE: Disabling module loading with a module?

Jones D (djones2@glam.ac.uk)
Tue, 17 Aug 1999 14:15:47 +0100


> Recently there has been some discussion on BSD's securelevels (or whatever
> they're called. I'm just a beginner :*-( ), (especially after the (alleged)
> hack of the (alleged) internet auditing project), and the possibility of
> disabling the loading of modules without going down to single-user mode first.
>
> Would it be possible to make a module for the Linux kernel that mimics this, by
> disabling the loading of modules? Could a module trap the necessary system
> calls for inserting a module, and disable them? That way it could act as a sort
> of seal that is loaded after all modules are loaded at startup.

What would be the point of this?
Normal users can't insert modules anyway. Knocking out support for
module insertion after startup just imposes limitations.

If a hacker has got the privs to insert modules, he could recompile
a kernel without the module-lockout-after-startup routines anyhow.

Personally I feel this would be a wasted effort.

btw: I seem to recall this (or similar) idea being proposed several times
in the last few months.

d.
