[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Making SuSE 9.1 a router?? HOW??



> This will work if you have different cards - but not if you have cards 
> of the same type where the module loaded will handle all cards

Yes I was aware of that, but then the same driver will always grab cards
in the same order. However, as Ludwig says, addressing interfaces by MAC
or PCI address (which didn't used to be possible) is ever so much
better.

> Monolithic kernels have some advantages from the security point of view. 
> If the kernel does not support loading modules nobody can temper with 
> the modules. Also, if I have a given hardware constellation which will 
> not change (typical for server applications) why load modules?

The security advantage is thin, ever since someone found out how to do
the equivalent of loading modules in a monolithic kernel many years
back. That the hardware doesn't change is an illusion in my experience.
The network card dies, or refuses to work with some other device, mobo
dies, whatever, it's a server so you're under stress to replace the
part fast. Then you boot up and find you have a monolithic kernel -
that's when you really start rotating...

Volker

-- 
Volker Kuhlmann			is possibly list0570 with the domain in header
http://volker.dnsalias.net/		Please do not CC list postings to me.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here