Re: Question regarding legitimate loading of kernel modules during runtime

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Question regarding legitimate loading of kernel modules during runtime
Date: Wed, 07 Oct 2020 09:22:09 +0100	[thread overview]
Message-ID: <A30DAA34-4AB2-48B9-8348-B30E034161C3@ipfire.org> (raw)
In-Reply-To: <7e85496c-a7af-eb2d-b9ac-c6a5efcc69a5@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 933 bytes --]

Hello,

We have talked about this on the phone, but just for the record:

No, there is no reason for this. We load kernel modules at runtime, but only root does that. AFAIK there is no unprivileged user loading anything whatsoever.

-Michael

> On 5 Oct 2020, at 17:07, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> Hello development folks,
> 
> just to make sure I am not about to submit another breaking patch: Is there any
> legitimate reason why a non-privileged user shall load kernel modules on an IPFire
> machine during its runtime?
> 
> Personally, I am only aware of some connection tracking stuff, but these require
> a reboot, thus being out of scope. Unless I overlooked something else, I would like
> to file a patch turning dev.tty.ldisc_autoload to 0. :-)
> 
> (Further information is available at https://lkml.org/lkml/2019/4/15/890)
> 
> Thanks, and best regards,
> Peter Müller

     prev parent reply	other threads:[~2020-10-07  8:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-05 16:07 Peter Müller
2020-10-05 19:45 ` [PATCH] sysctl.conf: prevent autoloading of TTY line disciplines Peter Müller
2020-10-06 12:26   ` Michael Tremer
2020-10-06 13:03     ` Peter Müller
2021-04-02 19:30       ` Peter Müller
2021-04-06 10:15         ` Michael Tremer
2020-10-07  8:22 ` Michael Tremer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=A30DAA34-4AB2-48B9-8348-B30E034161C3@ipfire.org \
    --to=michael.tremer@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox