| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1289219016.10229.14.camel@dan> Date: Mon, 08 Nov 2010 07:23:36 -0500 From: Dan Rosenberg <drosenberg@...curity.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: linux-kernel@...r.kernel.org, security@...nel.org Subject: Re: [PATCH RFC] Restrictions on module loading > NAK - Its a long standing ABI. As far as I can tell, modules_disabled was first included in 2.6.31, so it's hardly what I'd call "long standing". However, I see your point - it's definitely not my intention to surprise anyone by changing security features out from under them. I do think merging the features makes sense in this case. I'll rework this to keep the "modules_disabled" name, where a value of "0" means default behavior, a value of "1" means no loading or unloading (and no changing it back), and the new value of "2" incorporates the restrictions I'm intending to enforce. > > I've no objection to modules_restrict although I doubt it'll ever get > used in the real world, but better to extend the meaning of the existing > interface, not remove stuff. > There has been interest in improving the ease with which users can enforce restrictions on automatic module loading. No one is being forced to use it. -Dan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists