Re: [TCLUG:14187] compile problems: net-pf-1 module?

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:14187] compile problems: net-pf-1 module?
From: Chewie <chewie@wookimus.net>
Date: Thu, 2 Mar 2000 18:05:09 -0600
In-Reply-To: <2.2.16.20000302173241.1acfeb10@smtp.agritech.com>; from carls@agritech.com on Thu, Mar 02, 2000 at 03:31:25PM -0800
References: <2.2.16.20000302173241.1acfeb10@smtp.agritech.com>
User-Agent: Mutt/1.0i

Regardless of how much the kernel increases in size because of it, you should
always add support for kernel modules.  The only exception to this is if
you're absolutely certain that your hardware will not change and you
wish to enforce strict kernel security.  For example, if you have an
internet accessible machine, I would argue that a monolithic kernel
would be more secure than one with loadable modules.  There are known
modules, as Ben tells me, that can be loaded into a Linux kernel to hide
thread processes, the existance of directories, and basically mask all
activity of a given user.  This is pretty scary.

However, if you are creating kernels for a workstation behind a
firewall, or perhaps you only have one computer (come on...go out, spend
$30 for a 486 w/16 MB of RAM and a floppy drive and install an LRP
firewall), modules are a wonderful thing.  They give you flexibility to
change your environment without having to recompile a kernel, which on
some systems takes more than a half hour.

Have fun! ;-)

-- 
^chewie

PGP signature

References:
- Re: [TCLUG:14187] compile problems: net-pf-1 module?
  - From: "Carl Wilhelm Soderstrom" <carls@agritech.com>

Prev by Date: Re: [TCLUG:14187] compile problems: net-pf-1 module?
Next by Date: Console-apt...gone in frozen/unstable
Prev by thread: Re: [TCLUG:14187] compile problems: net-pf-1 module?
Next by thread: Re: [TCLUG:14229] Twin Cities Linux Users Group Meeting Announcement
Index(es):
- Date
- Thread