[ale] Monolithic vs Modularised Kernels
Byron A Jeff
byron at cc.gatech.edu
Wed Jul 9 23:31:17 EDT 2003
>
> The Client that I am doing for is finally pushing Linux into the
> enterprise. Amazing how chap11 can actually help promote better and much
> more superior technologies ;-). I am feverishly replacing a lot of the
> servers with Linux (Redhat) that use to the run the piece of sh!%$^%$ NT ,
> but using a vanilla kernel with the grsecurity patch. Some examples are,
> Samba for the PDC, WINS, Print Server, and even the production database
> running Sybase (HP-UX) will soon be on Linux. My question is whether to
> build a Monolithic or Modularised Kernel. Read several arguments on
> google, but wanted to see your views. Thanks.
Monolithic kernels are hardware to maintain. Any changes require a kernel
recompile, and a subsequent reboot to install the new kernel. Also there are
no guarantees that a newly compiled kernel will boot.
As long as you turn off kernel module autoloading, the risk of exposure is
both small and total. If an unauthorized user can load a module, you already
have much bigger problems than the fact that they can load a module.
My general rule of thumb is to compile into the kernel only what is required
to boot the system and have everything else as modules.
BAJ
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list