socket at peakpeak.com
Mon Aug 14 14:14:40 MDT 2000
John Starkey <jstarkey at ajstarkey.com> writes:
> So regarding the security aspect of modules. It is safe to leave them in
> if the kernel doesn't support modules?
If the kernel you're running doesn't support modules, the modules
sitting in /lib/modules/* are pretty much dead weight. I'm pretty
sure that compiling the kernel to not support modules removes the code
that allows modules to be loaded, in addition to simply not building
modules. I can't think of a reason why it wouldn't.
You're safe with that option, but modules are not a bad thing, really.
Only root can load modules into the kernel. I've heard of malicious
modules being loaded into kernel and disappearing from sight by
modifying the filesystem and module-handling code, but if someone has
root access to load modules into your system in the first place, they
can do pretty much anything they want anyway. Root gives you the
power to hang yourself upside down by the toenails; Linux isn't
concerned in the slightest with protecting root from itself - that
defeats the point of root itself.
> What I'm trying to do is get down to an "only what I need" state,
> without losing the existing functionality.
That's a reasonable goal, especially for firewalls and servers. Just
remember that if the number of things you need grows, you might end up
putting things back in that you took out. It's still a good
philosophy, though perhaps slightly less so for a desktop system.
> Red Hat is great for beginning the Linux trek, in my opinion, but if
> really want to know what this box will do I need to know what's in
True, but it's possible to learn a lot without removing things.
> And I'm not the type that can read a book and know what
> everything does, no adrenaline involved :}.
It's hard to read a technical book and get something out of it without
applying it at the same time. I recommend O'Reilly's "Unix Power
Tools" for learning about shells and the more common of the
command-line tools. Find the HOWTOs that discuss things you want to
know more about, and try applying them at the same time.
I've personally found adrenalin less useful around computers, as it
makes me tend to hit 'Enter' before I've stared at the command long
enough to decide if it'll actually do what I want. And caffeine makes
me twitch more than it keeps me awake. Ah, well.
socket at peakpeak.com
More information about the LUG