Mailinglist Archive: opensuse-security (332 mails)

< Previous Next >
Re: [suse-security] Making SuSE 9.1 a router?? HOW??
  • From: Juergen.Mell@xxxxxxxxxxx (Jürgen Mell)
  • Date: Mon, 27 Sep 2004 19:29:50 +0200
  • Message-id: <200409271929.56216.juergen.mell@xxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker,

On Sunday 26 September 2004 22:37, Volker Kuhlmann wrote:
> > One way I found to fix this: build your own kernel and do not
> > compile the device drivers for the network cards as modules but
> > include them into the kernel. Now the cards will always get the
> > same 'eth...' ID.
>
> Bad way, IMHO. I'd never even consider monolithic kernels. Try adding
> the NIC modules to your INITRD_MODULES, in the order you want.
> Alternatively, insmod the modules from boot.local in the order you
> want. Untested, but cards get grabbed when their module is loaded.

This will work if you have different cards - but not if you have cards
of the same type where the module loaded will handle all cards (at
least it did not work for me).
Monolithic kernels have some advantages from the security point of view.
If the kernel does not support loading modules nobody can temper with
the modules. Also, if I have a given hardware constellation which will
not change (typical for server applications) why load modules?

Jürgen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBWE4RtMrl3JEeRvwRAoo+AKC9pkXQ7fK/isZ5z+1qssZDv0suMwCeLq6d
jZ6pOo0hQYL2GQ+BxsYTfKs=
=vGB+
-----END PGP SIGNATURE-----


< Previous Next >