OpenBSD Security Functionally paranoid!
Removal of Loadable Kernel Modules and Custom Kernels
Loadable Kernel Modules were removed and I can see the rationale for not having bits of code randomly insert into the stack. Conversely, that would mean more unused devices are in the kernel itself including some that may be a security risk. I'm thinking specifically of Intel and VIA random number generators which I understand are not used.
Given the paranoia revolving around what is really in a device chip, would there be a stronger argument for stripping a kernel of unneeded devices?
In further support of the monolithic history, except kqemu, whenever we added kernel drivers above and beyond GENERIC we built custom kernels, these were never written as kernel modules. The two that come to mind were RAIDframe and NTFS. The former was replaced by softraid(4), the latter became part of GENERIC on applicable architectures.
How does the driver code get executed if you don't have the device? I'm not a kernel programmer but I'd think if someone could get the kernel's PC pointed into weird places like that the game's already over. In favour of a simple kernel image with all supported drivers in it, as I think has been pointed out by developers, there's a testing advantage to having a common image many people use. It helps control combinatorial explosion.
Any hardware random number generator will only be one of many entropy sources for this OS. Start at page 19 of Theo de Raadt's 2014 arc4random presentation. There's a video of the presentation available.