From owner-freebsd-questions@freebsd.org Wed Jun 17 19:30:24 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 58207331EA6 for ; Wed, 17 Jun 2020 19:30:24 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49nFXH4fr9z4N2t for ; Wed, 17 Jun 2020 19:30:23 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qk1-x736.google.com with SMTP id 205so3231922qkg.3 for ; Wed, 17 Jun 2020 12:30:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y/ahvt90TdQpbRjxT+lkb02x4cq0DvuLAwAdH3rDUVE=; b=GW9Oe3Tj5Ns5IpFK1EeANe3iZRfQsUotREGJ5bzABIDZ6qDF96Np15gVxZo2DnweSP dJQkNbr2bCKRmadSMySYAcipa8lmMh/FlpsRdM2vbpXyd87t7XDu84NEw5kJFja7Im7n tkOkoeWQ7u8cDR5hy+qAh1Eb9+2O4xXlEohEEcLIz8oemQs6plaAhjPEBaPepDLW9iua N6DfQaLGUMGJKu1cYlZpOQN2KAX+FofM9i2z5eyTH6tBYxmQs7rb8wZFsDmJyk2AvXof 2RfGNb6D8bSKdUvWXrTys/MQaiRg5RsExeVEb4ieo5cvKjGNH9SONhZlMPH5o2kGuGrc ZqlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y/ahvt90TdQpbRjxT+lkb02x4cq0DvuLAwAdH3rDUVE=; b=DiRQtyajh+T2srOGXjbLb3RDNa7Hu4zDpWdxxGkVR6yD2DMvngCOtVTlSnHVUbe9Ly QhsvasSa//4A2VBqh+RrODUkAbptWBC1zvjaQJUW1Ke6Hkq4kkSl05Tyv6TrJfSJHdIs CSXOpJQkM2OYaKWrfpIXFULR9Kk6us0e5zCbWuTHtkRzWxYa2RKtlJfv/zdhxdP+r/IS JnVjiwHIX+7YkT5DVLBSV1TgToRrcBFP9knlG+3aixfvPuhCqxt9wvfXUX4ulLNVYp61 u4/YfhQ+3yTMcsfU8AsVu+E5xb4myE7bm3VHKIzkHfaKwIXNKvcY/CvrVbuEGdLvfTI8 n7AQ== X-Gm-Message-State: AOAM532OxrNMAT3ilicmXTKGo6Wr/1pXmA9L6IHtuY2SS+M4rtUPXzW6 W1raIsZvVHYZP0zyJvZL0Lc2Dm0HeVKVZqfRf3RJIOKNXEY= X-Google-Smtp-Source: ABdhPJzpAeG1Ogci9fGFA6kyR2l2S2xYb3qreg1i+38J4nOD9OamGaxtGj2ZD+QMCg4KRaD0OSfzfIzI5ebsFidtFlg= X-Received: by 2002:a05:620a:90f:: with SMTP id v15mr184306qkv.399.1592422222584; Wed, 17 Jun 2020 12:30:22 -0700 (PDT) MIME-Version: 1.0 References: <3a48ab1ab198c330400be3e942f921f2cd3c3e11.camel@tom.com> <20200617141857.b208232a.freebsd@edvax.de> <20200617203752.05e35582.freebsd@edvax.de> In-Reply-To: <20200617203752.05e35582.freebsd@edvax.de> From: Michael Sierchio Date: Wed, 17 Jun 2020 12:29:46 -0700 Message-ID: Subject: Re: Why does FreeBSD not use the Linux kernel? To: Polytropon Cc: FreeBSD Questions X-Rspamd-Queue-Id: 49nFXH4fr9z4N2t X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tenebras-com.20150623.gappssmtp.com header.s=20150623 header.b=GW9Oe3Tj; dmarc=none; spf=none (mx1.freebsd.org: domain of kudzu@tenebras.com has no SPF policy when checking 2607:f8b0:4864:20::736) smtp.mailfrom=kudzu@tenebras.com X-Spamd-Result: default: False [-0.89 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.69)[-0.686]; R_DKIM_ALLOW(-0.20)[tenebras-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; NEURAL_SPAM_SHORT(0.08)[0.075]; NEURAL_HAM_LONG(-0.98)[-0.976]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[tenebras.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tenebras-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::736:from]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2020 19:30:24 -0000 On Wed, Jun 17, 2020 at 11:37 AM Polytropon wrote: > On Wed, 17 Jun 2020 10:55:14 -0700, Michael Sierchio wrote: > > > The chief difference from my perspective is that it is possible in > FreeBSD > > to create a monolithic kernel and prohibit the loading of kernel module= s, > > foiling one step in the chain of a rootkit. It's especially convenient > for > > embedded devices, security appliances, etc. > > Before the KLD infrastructure became that universal, > it was quite common to create your kernel configuration > file specifically for the hardware you wanted to run > the system on, and add kernel features as needed, so > everything and _only_ the needed components would be > in the resulting kernel. > > Another option was to create a very minimalistic kernel, > then build and load only the modules needed. > > Today the GENERIC kernel supports a lot of hardware > out of the box, and required modules can often be > loaded automatically, initiated by userland processes, > if you want (like from a rc.conf setting or even > dynamically via devd). > > You can still choose what fits your needs best. :-) > Exactly and precisely. The custom kernel that contains only hardware options that are present is a fraction of the size of GENERIC. > > > > > > -- > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... > --=20 "Well," Brahm=C4=81 said, "even after ten thousand explanations, a fool is = no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata