[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Making SuSE 9.1 a router?? HOW??



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker,

On Sunday 26 September 2004 22:37, Volker Kuhlmann wrote:
> > One way I found to fix this: build your own kernel and do not
> > compile the device drivers for the network cards as modules but
> > include them into the kernel. Now the cards will always get the
> > same 'eth...' ID.
>
> Bad way, IMHO. I'd never even consider monolithic kernels. Try adding
> the NIC modules to your INITRD_MODULES, in the order you want.
> Alternatively, insmod the modules from boot.local in the order you
> want. Untested, but cards get grabbed when their module is loaded.

This will work if you have different cards - but not if you have cards 
of the same type where the module loaded will handle all cards (at 
least it did not work for me).
Monolithic kernels have some advantages from the security point of view. 
If the kernel does not support loading modules nobody can temper with 
the modules. Also, if I have a given hardware constellation which will 
not change (typical for server applications) why load modules?

   Jürgen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBWE4RtMrl3JEeRvwRAoo+AKC9pkXQ7fK/isZ5z+1qssZDv0suMwCeLq6d
jZ6pOo0hQYL2GQ+BxsYTfKs=
=vGB+
-----END PGP SIGNATURE-----


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here