[lug] Module support (kernel compile)
John Starkey
jstarkey at ajstarkey.com
Thu Aug 10 21:55:46 MDT 2000
Ok hopefully this will be the last question.
I will probably try compiling without any modules (atleast once). I'm
using (pretty much) all standard equip. Without know what I have here, on
average, would you say the kernel _usually_ has everything I need without
any modules.
My biggest worry is the ISA cards.
I am starting to really test the limits of my knowledge (not that I don't
do that every minute). I am removing one feature after another without
REALLY knowing what they do. I don't wanna end up with an unbootable. What
would make that happen, any quick answers?
I'm gonna make a boot floppy now just incase. But there's nothing short of
a complete erasure that would make me go back to the RedHat distro disk?
Would kinda defeat the purpose.
Once again. Thanks this is a lot of help.
John
On Fri, 11 Aug 2000 rm at mamma.varadinet.de wrote:
> On Thu, Aug 10, 2000 at 11:19:25PM -0400, John Starkey wrote:
> > Ok. So if I check yes to the modules session that means (only) that i can
> > load them and will know they are loaded with the lsmod command. Or do some
> > of the not show up. I'm speaking in general regarding any modulable (is
> > that even a word) question in make config.
>
> Ah, i see, you're talking about the modules section in the 'make config'
> (funny, this is what i'm staring at right now). This means that the kernel
> supports loadable modules ...
>
> > And if I conpile everything in, then can I add things later? I may be
> > answering my own question (if I understand myself correctly :} ). I'm
> > gathering (from myself) that modules are basically there so they "load on
> > demand" without having to recompile.
>
> ... yes, as long as you selected the loadable module support.
> >
> > I know this is a really big question and the answer could probably take up
> > a book, but.... what makes them a risk??
>
> Well, because from within a module you can change every aspect of the kernel.
> For example you can change system functions. As a hacker/cracker it's possible
> to redifine some of the virtual file system functions so that the hacker tools
> won't show up any more, or one could make certain programs/network connections
> 'invisible'. This is actually pretty easy. (Of course one needs to be root
> to load a module but in certain circumstances not having module support adds
> an extra layer of security to the box. Not that you would often need this or
> that you should rely on it).
>
>
> Ralf
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
More information about the LUG
mailing list