View previous topic :: View next topic |
Author |
Message |
lekto Apprentice
Joined: 20 Sep 2014 Posts: 207 Location: Ancient Rome
|
Posted: Mon May 23, 2022 4:10 pm Post subject: Kernel modules disabled in gentoo-sources on iBook G4. |
|
|
Hi, I'm trying to configure new kernel (5.15.41) from scratch and modules are disabled. I tried few devices and there is no option to build them as modules. When I searched for modules I got this:
Code: | Symbol: MODULES [=n]
Type : bool
Defined at init/Kconfig:2063
Prompt: Enable loadable module support |
There is not any "Depends on" or "Selected by". What am I missing? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54577 Location: 56N 3W
|
Posted: Mon May 23, 2022 4:27 pm Post subject: |
|
|
lekto,
Code: | [*] Enable loadable module support ---> |
Can you turn that on?
Its not an error to make a kernel that does not support loadable modules. From a security perspective, its a good thing but it prevents the use of out of tree modules.
In tree 'modules' must be built in or omitted. There is only <*> or < >.
The downside to not using modules is getting firmware right. That has to be built into the kernel binary too. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
lekto Apprentice
Joined: 20 Sep 2014 Posts: 207 Location: Ancient Rome
|
Posted: Mon May 23, 2022 4:58 pm Post subject: |
|
|
Thanks, I don't know how I missed that, searching for modules in plural form didn't helped.
NeddySeagoon wrote: | […]From a security perspective, its a good thing […] |
I've never understood this argument - to load any malicious module you need to have the root access, so it's game over anyway. |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22648
|
Posted: Mon May 23, 2022 6:19 pm Post subject: |
|
|
Loading modules requires a specific subset of root access. You should not assume that an attacker who acquires that one specific type of root access has all root privileges. History is filled with examples of partial compromises, where an attacker can do some particular subset of operations as root, but does not have an unrestricted root shell from which to run arbitrary commands. By denying module loading, the administrator can prevent an attacker who has module load permission from using that to gain other permissions. If module load permission is the only thing the attacker has managed to compromise, then a no-modules system is immune. |
|
Back to top |
|
|
|