[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Making SuSE 9.1 a router?? HOW??



On Mon, 27 Sep 2004, [iso-8859-1] Jürgen Mell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Volker,
>
> On Sunday 26 September 2004 22:37, Volker Kuhlmann wrote:
> > > One way I found to fix this: build your own kernel and do not
> > > compile the device drivers for the network cards as modules but
> > > include them into the kernel. Now the cards will always get the
> > > same 'eth...' ID.

maybe nameif (man nameif) could be used ?

> > Bad way, IMHO. I'd never even consider monolithic kernels. Try adding
> > the NIC modules to your INITRD_MODULES, in the order you want.
> > Alternatively, insmod the modules from boot.local in the order you
> > want. Untested, but cards get grabbed when their module is loaded.
>
> This will work if you have different cards - but not if you have cards
> of the same type where the module loaded will handle all cards (at
> least it did not work for me).
> Monolithic kernels have some advantages from the security point of view.
> If the kernel does not support loading modules nobody can temper with
> the modules. Also, if I have a given hardware constellation which will
> not change (typical for server applications) why load modules?

-- 
 BINGO: completely leverage other's inexpensive benefits
 --- Engelbert Gruber -------+
  SSG Fintl,Gruber,Lassnig  /
  A6170 Zirl   Innweg 5b   /
  Tel. ++43-5238-93535 ---+

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here