From owner-freebsd-arch Mon Jul 10 1: 2:19 2000 Delivered-To: freebsd-arch@freebsd.org Received: from netplex.com.au (adsl-63-207-30-186.dsl.snfc21.pacbell.net [63.207.30.186]) by hub.freebsd.org (Postfix) with ESMTP id CF6B537B623; Mon, 10 Jul 2000 01:02:13 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (peter@localhost [127.0.0.1]) by netplex.com.au (8.9.3/8.9.3) with ESMTP id BAA08058; Mon, 10 Jul 2000 01:02:11 -0700 (PDT) (envelope-from peter@netplex.com.au) Message-Id: <200007100802.BAA08058@netplex.com.au> X-Mailer: exmh version 2.1.1 10/15/1999 To: John Baldwin Cc: Adam , arch@FreeBSD.ORG Subject: Re: making the snoop device loadable. In-Reply-To: Message from John Baldwin of "Sun, 09 Jul 2000 13:24:56 PDT." <200007092024.NAA81999@john.baldwin.cx> Date: Mon, 10 Jul 2000 01:02:11 -0700 From: Peter Wemm Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG John Baldwin wrote: > > On 09-Jul-00 Adam wrote: > > On Sun, 9 Jul 2000, Poul-Henning Kamp wrote: > > > >>In message , A dam > >>writes: > >>>On Sun, 9 Jul 2000, Poul-Henning Kamp wrote: > >>> > >>>> > >>>>>If this change goes in, what do you do if you wish not to have snooping > >>>>>capable through the snp device and do not wish to lock unneccessary part s > >>>>>of the system down with securelevel? > >>>> > >>>>You do the same as before: Hold on tight to your root password. > >>> > >>>I dont like kernel changes that make the kernel do less babysitting and me > >>>more. Tough, I guess. > >> > >>You have always needed to babysit your root password. > > > > Ok, I give in to the argument. I would just like to make a wish. On Jan > > 24 1999 peter took the NO_LKM option out of LINT. I assume the support > > for it in other files was removed around that time also. Could someone > > implement a NO_KLD option so you dont need to use securelevel > 0 so > > people have an obvious option and dont have to know the kernel well enough > > to hack syscalls.master? > > Patches accepted. :) Seriously, if you come up with a patchset > I'll look at it and see about getting it in the tree. NO_LKM was different. The LKM subsystem was always an "add-on" system. NO_LKM got changed to 'options LKM' which meant you had to choose to activate it. Once LKM became obsolete, it went away entirely. KLD however is built into the very core of the system. Most of the kernel subsystems are standalone KLD modules linked into a single file and use the module registration system to activate themselves. You cannot just remove it. At best, you could prevent kldload() from working. However, that does not stop loader(8) preloading the files, which completely bypasses the kldload(2) syscall. Just add 'load /hack/myfile.ko' >> /boot/loader.conf and you are set. Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message