Re: Misc Fixes

Thu, 11 Jul 1996
Thu, 11 Jul 1996 05:24:11 +0200 (MET DST)


> > Not allowing module loads is reasonable, actually. That does NOT change the
> > fact that no module should access "securelevel", which is the original problem.
> Yes. Allowing module loads has to be blocked by securelevel

This would make the use of kerneld impossible. I suggest:

- Mark the modules immutable using the immutable file attribute.
- Allow only loading of modules owned by root and marked immutable.
- Loading of modules from filesystems that don't support the immutable
  attribute is forbidden. This prevents the (ab)use of certain filesystems
  like NFS etc.
- A mechanism that allows limiting the loading of modules to certain programs:
  In the case of kerneld, require that its inode is also immutable and
  owned by root, or kerneld must have been started before the securelevel
  was raised.

I think this policy for the loading of modules should be acceptable from
the point of view of both security and usability of modules.