Author: John (EBo) David
Date:
Subject: Kernel w/o loadable mods, for security?

foodog wrote:
>
> I'm putting the finishing touches on a mail server. Once it's done,
> I'll never get to touch it again unless the hardware catches fire (it
> may get a day or two off next June).
>
> It's looking like a good idea to build a newer kernel to get really
> happy reiserfs. I'm considering leaving out support for loadable
> modules to make things inconvenient for the hypothetical cracker who may
> try to homestead on it. Kmod rootkits are high on my nightmare list.

Homestead? I am not aware of this term in this context. Where can I
read about the Kmod rootkits -- as if I needed more cause for worry...

> Can someone suggest a good way to determine what to include in a
> monolithic kernel? Any thoughts about no loadable modules as a security
> measure?

This is outside of my expertise, but I would polish a server down to
what I both need and would reasonably expect to set up in the future, and
then recompile the kernel in the same configuration just without module
support.

If I was running a real mail server (for more than just myself and a
couple of friends) I would be REALLY tempted to set up an old small
machine with the same configuration that I could do developmental
upgrades on to test...
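
The "same configuration, just without module support" step from the reply above, sketched as an added example that is not part of the original message. The sample `.config` lines are constructed, and the function names `modular_options`, `static_config` and `check_static` are hypothetical helpers.

```shell
#!/bin/sh
# Added example: turn a modular kernel .config into a module-free one and
# verify the result. All functions read a .config on stdin.

# Constructed sample standing in for the server's current .config.
sample_config() {
cat <<'EOF'
CONFIG_MODULES=y
CONFIG_REISERFS_FS=m
CONFIG_EXT2_FS=y
CONFIG_E100=m
# CONFIG_USB is not set
EOF
}

# List options still built as modules. Each one is a decision: build it in
# because the server needs it, or drop it to keep the kernel small.
modular_options() {
    grep -E '^CONFIG_[A-Za-z0-9_]+=m$' | sed 's/=m$//'
}

# Rewrite the config: disable module support and build every former
# module into the kernel image. Run "make oldconfig" on the result so the
# kernel's own config tooling resolves dependent options.
static_config() {
    awk '
        /^CONFIG_MODULES=/          { print "# CONFIG_MODULES is not set"; next }
        /^CONFIG_[A-Za-z0-9_]+=m$/  { sub(/=m$/, "=y") }
                                    { print }
    '
}

# Succeeds only if module support is off and nothing is left as =m.
check_static() {
    ! grep -Eq '^CONFIG_MODULES=y$|^CONFIG_[A-Za-z0-9_]+=m$'
}

echo "Options currently built as modules (review before building in):"
sample_config | modular_options
echo "Module-free config:"
sample_config | static_config
```

Trimming the `modular_options` list to what the server actually uses before converting keeps unneeded drivers out of the static image.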