[ale] Monolithic vs Modularised Kernels

Byron A Jeff byron at cc.gatech.edu
Wed Jul 9 23:31:17 EDT 2003


> 
> The Client that I am doing work for is finally pushing Linux into the
> enterprise. Amazing how chap11 can actually help promote better and much
> more superior technologies ;-). I am feverishly replacing a lot of the
> servers with Linux (Redhat) that used to run the piece of sh!%$^%$ NT,
> but using a vanilla kernel with the grsecurity patch. Some examples are,
> Samba for the PDC, WINS, Print Server, and even the production database
> running Sybase (HP-UX) will soon be on Linux. My question is whether to
> build a Monolithic or Modularised Kernel. Read several arguments on
> google, but wanted to see your views. Thanks.

Monolithic kernels are harder to maintain. Any changes require a kernel
recompile, and a subsequent reboot to install the new kernel. Also there are
no guarantees that a newly compiled kernel will boot.

As long as you turn off kernel module autoloading, the risk of exposure is
both small and total. If an unauthorized user can load a module, you already 
have much bigger problems than the fact that they can load a module.

My general rule of thumb is to compile into the kernel only what is required
to boot the system and have everything else as modules.

BAJ
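
An added example, not part of the original post: a shell check of whether a modular kernel can still load modules on demand. The post does not say how autoloading is turned off; this assumes the `kernel.modprobe` helper path and, on newer kernels, the `kernel.modules_disabled` switch. The function names and the alternate proc root argument are hypothetical.

```shell
#!/bin/sh
# Added example: report the module-loading posture of a modular kernel.
# Each function takes an optional proc root (hypothetical parameter) so the
# check can run against a constructed tree instead of the live /proc.

# "on" if the kernel has a working helper for on-demand loading, "off" if the
# helper path is empty or a no-op, "unknown" if the setting cannot be read.
autoload_state() {
    f="${1:-/proc}/sys/kernel/modprobe"
    [ -r "$f" ] || { echo unknown; return 0; }
    helper=$(tr -d '[:space:]' < "$f")
    case "$helper" in
        ""|/bin/true|/bin/false|/usr/bin/true|/usr/bin/false) echo off ;;
        *) echo on ;;
    esac
}

# "locked"      : modules_disabled=1, nothing more can be loaded until reboot
# "manual-only" : autoload is off, root can still insmod/modprobe by hand
# "autoload"    : the kernel will run the helper when a module is requested
module_posture() {
    root="${1:-/proc}"
    locked=0
    if [ -r "$root/sys/kernel/modules_disabled" ]; then
        locked=$(tr -d '[:space:]' < "$root/sys/kernel/modules_disabled")
    fi
    if [ "$locked" = 1 ]; then echo locked; return 0; fi
    case "$(autoload_state "$root")" in
        off) echo manual-only ;;
        on)  echo autoload ;;
        *)   echo unknown ;;
    esac
}

# Names of currently loaded modules, sorted, for comparison with a baseline.
loaded_modules() {
    m="${1:-/proc}/modules"
    [ -r "$m" ] || return 0
    awk '{print $1}' "$m" | sort
}

# Report on the running system (or on PROC_ROOT if set).
module_posture "${PROC_ROOT:-/proc}"
```

Saving the output of `loaded_modules` after a known-good boot and diffing it later shows any module that was added by hand.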