220
Basic System Administration
can be fatal for critical processes and possibly result in a system crash. Recov
ery is not always obvious, but with a rescue disk the system can be rebooted
and the state of /etc/modules and /lib/modules can be investigated. It is not
always obvious that the problem is with the modules. But, having a printed
listing of the files in /etc/modules (along with their file sizes) is a good tool to
have in the recovery file folder when you start looking for solutions to problems.
Modules also provide a potential security risk. Using the exploit of the day ,
a system cracker need only gain root access long enough to copy his version
of the system PPP module to provide an undetectable TCP channel into
the target machine with full root access. Any number of other drivers could
be subverted in this fashion. This makes security even more important with
a modular kernel at the heart of the system. Obviously the security hole
is actually in the exploit of the day and not in the modules as delivered.
Protecting the system from attacks of this nature is no more difficult than
protecting from the exploit of the day . Debian and Linux have a continued
focus on security. Security breeches are announced in the appropriate news
groups. Patches and their locations are announced as well.
Most important of the disadvantages of modular drivers and kerneld has to
do with timing problems and unusual hardware configurations. With some
devices, under certain load conditions, the time it takes kerneld to install and
initialize the driver is long enough for the device to time out, resulting in a
failed installation. So, if an FTP client calls for a network connection, and pppd
isn't running, kerneld will kick off the appropriate processes and, depending
on configuration, dial the number and establish the connection. In the mean
time, however, the FTP client has timed out, waiting for the connection. The
solution here is to try again with the FTP client. By this time the connection
should be established and the connection will go through with no delay. This is
not the best example, since the time delays are very large for a diald type PPP
connection even when everything is compiled into the kernel. If, however, this
system did not time out the FTP connection without kerneld and modules,
footer
Our partners:
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Jsp Hosting
Cheap Hosting
Visionwebhosting.net Business web hosting division of Web
Design Plus. All rights reserved