Linus Torvalds writes: (Summary) wrote:
Just thinking about the DCCP case, where networking people actually knew it was pretty deprecated and had no real maintainer, I think one thing to look at would be simply a per-module flag. That kind of thing should be fairly easy to implement, along the same lines as the module license - it just sets a flag in the ELF section headers.
headers.
With something like that, we literally could make the default be "no autoloading except for root", and then just mark the modules that we think are ok and well maintained.
think are ok and well maintained.
Sure, if you then do a lock-down mode that makes that flag parsing stricter, then that's a separate thing.
[...]
allow an admin to turn those off?Just thinking about the DCCP case, where networking people actually knew it was pretty deprecated and had no real maintainer, I think one thing to look at would be simply a per-module flag. That kind of thing should be fairly easy to implement, along the same lines as the module license - it just sets a flag in the ELF section headers.
headers.
With something like that, we literally could make the default be "no autoloading except for root", and then just mark the modules that we think are ok and well maintained.
think are ok and well maintained.
Sure, if you then do a lock-down mode that makes that flag parsing stricter, then that's a separate thing.