Re: Misc Fixes

Alan Cox (
Thu, 11 Jul 1996 10:58:36 +0100 (BST)

> > Yes. Allowing module loads has to be blocked by securelevel
> This would make the use of kerneld impossible. I suggest to

Kerneld is not usable in a secure environment as is..

> - Mark the modules immuteable using the immutable file attribute.

I can mark files immutable after the secure level is set. This therefore
doesnt work.

> - A mechanism that allows to limit loading of modules to certain programs:
> In case of kerneld require that it's inode is also immuteable and
> owned by root or kerneld must have been started before the securelevel
> was raised.

and its config files.

Just insisting a module loader was started before the securelevel was raised
would do the job I think.