Gentoo Forums
Kernel for a server, modules or builtin?
petrjanda
Veteran
Joined: 05 Sep 2003
Posts: 1557
Location: Brno, Czech Republic

Posted: Wed Nov 17, 2004 11:50 am    Post subject: Kernel for a server, modules or builtin?

On a server kernel, should most stuff be compiled as modules or into the kernel? Also, what stuff should be built into the kernel in all cases and at all costs, and thus not as a module?
_________________
There is, a not-born, a not-become, a not-made, a not-compounded. If that unborn, not-become, not-made, not-compounded were not, there would be no escape from this here that is born, become, made and compounded. - Gautama Siddharta
jkt
Retired Dev
Joined: 06 Feb 2004
Posts: 1250
Location: Prague, Czech republic, EU

Posted: Wed Nov 17, 2004 1:10 pm

You'll have to build in all the stuff needed for boot, such as the root filesystem, IDE/SCSI disks, your ATA/SCSI controller, ...

Everything else could be compiled as modules.

But there are also some security-related issues...
jkt
Retired Dev
Joined: 06 Feb 2004
Posts: 1250
Location: Prague, Czech republic, EU

Posted: Wed Nov 17, 2004 1:22 pm

And of course you can use an initrd if you want to have your modules available during boot.
mayday147
l33t
Joined: 22 Mar 2004
Posts: 825
Location: Bucharest, Romania

Posted: Wed Nov 17, 2004 1:50 pm

I would choose to have (almost) everything compiled as built-in, because modules can be a security risk, as jkt said. It's supposed that you aren't changing your hardware too often and you know exactly what you need for your system to have everything built into the kernel.
_________________
gentoo.ro
hecatomb
Guru
Joined: 02 Sep 2004
Posts: 525

Posted: Wed Nov 17, 2004 2:36 pm

Even when module loading support is disabled in the kernel config, it is possible to manipulate system calls like LKM rootkits do.
But this is really hard work!

Putting all the needed things into the kernel and disabling module loading support will stop script kiddies from simply using others' rootkits.

I agree with mayday147. A server normally doesn't change in hardware very often!
What else should trigger you to use modules?
jkt
Retired Dev
Joined: 06 Feb 2004
Posts: 1250
Location: Prague, Czech republic, EU

Posted: Wed Nov 17, 2004 2:38 pm

mayday147 wrote:
I would choose to have (almost) everything compiled as built-in, because modules can be a security risk, as jkt said.

The security risk is the possibility of a hacker loading his malicious modules into the kernel, so you'll have to disable modules support in order to prevent this risk. But there are also some other means of getting into kernel space AFAIK, for example /dev/kmem etc...

Modules offer you an easier way to upgrade, as you usually don't have to reboot, just `modprobe -r`, `modprobe`, but it is not always possible and sometimes also not desired. And production machines aren't upgraded too often, anyway.
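
An added example, not part of any post in this thread: a small shell audit of a kernel `.config` for the two points discussed above, loadable module support and /dev/kmem. `CONFIG_MODULES` and `CONFIG_DEVKMEM` are Kconfig symbols that the thread does not name (`CONFIG_DEVKMEM` exists only on some kernel versions); the sample configs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). CONFIG_MODULES and CONFIG_DEVKMEM are
# real Kconfig symbols; the sample configs and function names are constructed.
SAMPLE_CONFIG='CONFIG_MODULES=y
CONFIG_DEVKMEM=y
CONFIG_EXT3_FS=y
CONFIG_BLK_DEV_SD=m
# CONFIG_USB_STORAGE is not set'
HARDENED_CONFIG='# CONFIG_MODULES is not set
# CONFIG_DEVKMEM is not set
CONFIG_EXT3_FS=y
CONFIG_BLK_DEV_SD=y'

# opt_state CONFIG_TEXT SYMBOL -> y | m | n (explicitly unset) | absent
opt_state() {
    printf '%s\n' "$1" | awk -v o="CONFIG_$2" '
        $0 == "# " o " is not set" { s = "n" }
        index($0, o "=") == 1      { s = substr($0, length(o) + 2) }
        END { print (s == "" ? "absent" : s) }'
}

# modular_opts CONFIG_TEXT -> symbols built as modules (not in the kernel image)
modular_opts() {
    printf '%s\n' "$1" | sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=m$/\1/p'
}

# audit_config CONFIG_TEXT -> findings on stdout; exit status 1 if any FAIL
audit_config() {
    rc=0
    if [ "$(opt_state "$1" MODULES)" = y ]; then
        echo "FAIL CONFIG_MODULES=y: modules can be loaded at runtime"
        rc=1
        for o in $(modular_opts "$1"); do
            echo "NOTE $o=m: build in (=y), or ship in an initrd if needed at boot"
        done
    else
        echo "OK   loadable module support is disabled"
    fi
    case "$(opt_state "$1" DEVKMEM)" in
        y) echo "FAIL CONFIG_DEVKMEM=y: /dev/kmem gives root access to kernel memory"
           rc=1 ;;
        n) echo "OK   /dev/kmem is not built" ;;
        *) echo "WARN CONFIG_DEVKMEM absent: no such option here, check /dev/kmem by hand" ;;
    esac
    return $rc
}

audit_config "$SAMPLE_CONFIG" || echo "sample config needs work"
```

To audit a real tree, pass the file contents instead of the sample, for example `audit_config "$(cat /usr/src/linux/.config)"`.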
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20582

Posted: Wed Nov 17, 2004 3:12 pm

Moved from Other Things Gentoo.
_________________
Quis separabit? Quo animo?
petrjanda
Veteran
Joined: 05 Sep 2003
Posts: 1557
Location: Brno, Czech Republic

Posted: Wed Nov 17, 2004 9:18 pm

jkt wrote:
mayday147 wrote:
I would choose to have (almost) everything compiled as built-in, because modules can be a security risk, as jkt said.

The security risk is the possibility of a hacker loading his malicious modules into the kernel, so you'll have to disable modules support in order to prevent this risk. But there are also some other means of getting into kernel space AFAIK, for example /dev/kmem etc...

Well thanx a lot people. As for kmem.. grsecurity is taking care of it :wink:
jkt
Retired Dev
Joined: 06 Feb 2004
Posts: 1250
Location: Prague, Czech republic, EU

Posted: Thu Nov 18, 2004 5:07 pm

hecatomb wrote:

What else should trigger you to use modules?

bzImage has limited size and it's thus possible that all required stuff won't fit into some reasonable size.
All times are GMT