
Re: from / to /usr/: a summary

* Philipp Kern <pkern@debian.org> [111226 12:02]:
> Sorry, but what kind of argumentation is that?  If the admin doesn't notice
> reboots and/or file tampering, I could just replace the kernel with my modified
> one and reboot.  Now of course you could increase your paranoia and boot the
> kernel from an immutable disc.  But then I'd just load all relevant modules in
> the initramfs and set modules_disabled there instead of doing custom built
> kernels just to get rid of modules.

As you pointed out so nicely: modules_disabled is only a replacement if
you have a custom initramfs and do not allow that to be modified
automatically. So from the point of the original discussion,
modules_disabled is no solution.
