From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject:
 Re: Question regarding legitimate loading of kernel modules during runtime
Date: Wed, 07 Oct 2020 09:22:09 +0100
Message-ID: <A30DAA34-4AB2-48B9-8348-B30E034161C3@ipfire.org>
In-Reply-To: <7e85496c-a7af-eb2d-b9ac-c6a5efcc69a5@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1495107581570569241=="
List-Id: <development.lists.ipfire.org>

--===============1495107581570569241==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

We have talked about this on the phone, but just for the record:

No, there is no reason for this. We load kernel modules at runtime, but only =
root does that. AFAIK there is no unprivileged user loading anything whatsoev=
er.

-Michael

> On 5 Oct 2020, at 17:07, Peter M=C3=BCller <peter.mueller(a)ipfire.org> wro=
te:
>=20
> Hello development folks,
>=20
> just to make sure I am not about to submit another breaking patch: Is there=
 any
> legitimate reason why a non-privileged user shall load kernel modules on an=
 IPFire
> machine during its runtime?
>=20
> Personally, I am only aware of some connection tracking stuff, but these re=
quire
> a reboot, thus being out of scope. Unless I overlooked something else, I wo=
uld like
> to file a patch turning dev.tty.ldisc_autoload to 0. :-)
>=20
> (Further information is available at https://lkml.org/lkml/2019/4/15/890)
>=20
> Thanks, and best regards,
> Peter M=C3=BCller


--===============1495107581570569241==--