Date: Mon, 10 Jul 2000 01:02:11 -0700 From: Peter Wemm <peter@netplex.com.au> To: John Baldwin <jhb@FreeBSD.ORG> Cc: Adam <bsdx@looksharp.net>, arch@FreeBSD.ORG Subject: Re: making the snoop device loadable. Message-ID: <200007100802.BAA08058@netplex.com.au> In-Reply-To: Message from John Baldwin <jhb@FreeBSD.ORG> of "Sun, 09 Jul 2000 13:24:56 PDT." <200007092024.NAA81999@john.baldwin.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
John Baldwin wrote:
>
> On 09-Jul-00 Adam wrote:
> > On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
> >
> >>In message <Pine.BSF.4.21.0007091411480.407-100000@turtle.looksharp.net>, A
dam
> >>writes:
> >>>On Sun, 9 Jul 2000, Poul-Henning Kamp wrote:
> >>>
> >>>>
> >>>>>If this change goes in, what do you do if you wish not to have snooping
> >>>>>capable through the snp device and do not wish to lock unneccessary part
s
> >>>>>of the system down with securelevel?
> >>>>
> >>>>You do the same as before: Hold on tight to your root password.
> >>>
> >>>I dont like kernel changes that make the kernel do less babysitting and me
> >>>more. Tough, I guess.
> >>
> >>You have always needed to babysit your root password.
> >
> > Ok, I give in to the argument. I would just like to make a wish. On Jan
> > 24 1999 peter took the NO_LKM option out of LINT. I assume the support
> > for it in other files was removed around that time also. Could someone
> > implement a NO_KLD option so you dont need to use securelevel > 0 so
> > people have an obvious option and dont have to know the kernel well enough
> > to hack syscalls.master?
>
> Patches accepted. :) Seriously, if you come up with a patchset
> I'll look at it and see about getting it in the tree.
NO_LKM was different. The LKM subsystem was always an "add-on" system.
NO_LKM got changed to 'options LKM' which meant you had to choose to
activate it. Once LKM became obsolete, it went away entirely.
KLD however is built into the very core of the system. Most of the
kernel subsystems are standalone KLD modules linked into a single file and
use the module registration system to activate themselves. You cannot
just remove it.
At best, you could prevent kldload() from working. However, that does not
stop loader(8) preloading the files, which completely bypasses the
kldload(2) syscall. Just add 'load /hack/myfile.ko' >> /boot/loader.conf
and you are set.
Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007100802.BAA08058>