Re: [DSA-403-1] Kernel update?

To: debian-user@lists.debian.org
Subject: Re: [DSA-403-1] Kernel update?
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Fri, 5 Dec 2003 23:09:50 -0800
Message-id: <[🔎] 20031206070950.GM9275@ix.netcom.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 87d6b538va.fsf@everett.mit.edu>
References: <[🔎] 20031203202423.GG7046@hank.org> <[🔎] 87d6b538va.fsf@everett.mit.edu>

on Wed, Dec 03, 2003 at 04:10:49PM -0500, David Z Maze (dmaze@debian.org) wrote:
> Bill Moseley <moseley@hank.org> writes:

> > So is the purpose of initrd to have a small kernel but be able to
> > load whatever modules might be needed for the currently running
> > hardware?
> 
> Almost.  You also get to have a kernel that's completely generic; if
> your machine has a SCSI hard disk with reiserfs, and mine is IDE with
> ext3, the an initrd/kernel pair could boot both, without having any of
> the drivers compiled in.

Right.  For stock kernels, initrd cuts down on the permutations which
must be built.

> > ...why not just build a kernel with everything compiled in?  

> My fuzzy memory is that there are a couple of factors.  One is that
> memory for kernel drivers absolutely can't be used for anything else,
> so if you're trying to get the last megabyte out of your system, an
> unused module is cheaper than an unused in-kernel driver.  Another is
> that there are a couple of limits on the size of the kernel, and so
> building everything in blows you over that limit pretty quickly.  For
> a distribution kernel you also might want to install it on floppies,
> which gives you a hard limit on the size of the kernel.  (But yes, all
> of these are becoming less of an issue with more modern hardware.)

...however, if you're building your _own_ kernel, for a static
configuration, compiling in _can_ make sense.

The problem for desktop (and portable) users is that you may still want
to be able to accomodate removeable devices you're not aware of when
you're building the kernel (PCMCIA, USB, etc.).

The _other_ advantage, though of a compile-in-what-you-need kernel is
that you can then turn _off_ loadable module support.  For highly
sensitive servers in hostile-facing environments, this can eliminate an
entire class of potential attacks right there.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Bush/Cheney '04: The last vote you'll ever have to cast.

Attachment: pgp6ga7wFO6fS.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: [DSA-403-1] Kernel update?
  - From: Magnus von Koeller <magnus@vonkoeller.de>

References:
- Re: [DSA-403-1] Kernel update?
  - From: Bill Moseley <moseley@hank.org>
- Re: [DSA-403-1] Kernel update?
  - From: David Z Maze <dmaze@debian.org>

Prev by Date: Re: error
Next by Date: Re: Exim default interface
Previous by thread: Re: [DSA-403-1] Kernel update?
Next by thread: Re: [DSA-403-1] Kernel update?
Index(es):
- Date
- Thread