On Tue, Dec 06, 2011 at 04:19:35PM -0500, Chuck Ebbert wrote:
> On Fri, 2 Dec 2011 13:38:51 -0500
> "John W. Linville" <linville@xxxxxxxxxx> wrote:
>
> > As for the stated benefits... I'm skeptical of the security argument.
> > I mean, I can believe that a module could get accidentally or
> > inadvertently loaded and then exploited. I just think that closing
> > those holes is a better plan.
>
> Unfortunately, network modules will be autoloaded if a program opens
> a socket with that protocol. They've talked about securing that, but
> it never happened.

That seems more realistic for a protocol module (e.g. sctp) than for
a queueing discipline (e.g. sch_sfb) or a TCP congestion control
algorithm (e.g. tcp_westwood).

> And there is a long history of security bugs being found in the new
> and/or infrequently-used modules.

That's probably true. I still wonder if that is common enough to be
worth the change.

John
--
John W. Linville
linville@xxxxxxxxxx
The water won't run clean until you get the pigs out of the creek.
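
Added example, not part of the thread: a small audit for the socket-open autoload path discussed above. It lists which protocol modules are still reachable through `net-pf-*` aliases after local modprobe.d policy is applied. The alias and modprobe.d contents are constructed samples, and the function names are hypothetical; on a real system the inputs would come from `/lib/modules/<version>/modules.alias` and `/etc/modprobe.d/*.conf`.

```python
import re

# Constructed sample of modules.alias lines (not taken from the thread).
SAMPLE_ALIASES = """\
alias net-pf-10 ipv6
alias net-pf-2-proto-132 sctp
alias net-pf-10-proto-132 sctp
alias net-pf-21 rds
alias net-pf-30 tipc
alias pci:v00008086d0000100Esv*sd*bc*sc*i* e1000
"""

# Constructed sample of modprobe.d policy.
SAMPLE_MODPROBE_D = """\
# local policy
blacklist rds
install tipc /bin/false
"""

# Socket-triggered aliases: net-pf-<family>[-proto-<n>][-type-<n>] <module>
ALIAS_RE = re.compile(r"^alias\s+(net-pf-\d+(?:-proto-\d+)?(?:-type-\d+)?)\s+(\S+)$")

def norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.replace("-", "_")

def blocked_modules(conf_text):
    """Modules that alias-based autoloading cannot load under this policy."""
    blocked = set()
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "blacklist":
            blocked.add(norm(parts[1]))
        elif len(parts) >= 3 and parts[0] == "install" and parts[2] in ("/bin/false", "/bin/true"):
            blocked.add(norm(parts[1]))
    return blocked

def autoloadable(alias_text, conf_text):
    """Map module -> net-pf aliases that would still trigger loading it."""
    blocked = blocked_modules(conf_text)
    result = {}
    for line in alias_text.splitlines():
        m = ALIAS_RE.match(line.strip())
        if m and norm(m.group(2)) not in blocked:
            result.setdefault(m.group(2), []).append(m.group(1))
    return result

if __name__ == "__main__":
    for module, aliases in sorted(autoloadable(SAMPLE_ALIASES, SAMPLE_MODPROBE_D).items()):
        print(f"{module}: reachable via {', '.join(aliases)}")
```
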