Matt Taggart <tagg...@debian.org> wrote: [...] > * I still see the floppy and parallel port module load on many of my > systems because the superio/southbridge/etc happened to have that > device in case the system designer wanted to use it. It's time for > this stuff to go away.
Sounds like a BIOS bug or misconfiguration. In any case I don't think
those devices will be accessible by unprivileged users.
> * firewire is a particular risk, it could be argued that even if the
> hardware _is_ present, the user should have to opt-in to enabling it
I haven't seen a computer shipped with Firewire ports for a good few
years. If they're present than they're probably on an add-on card that
the user wants to use.
> * Debian is cool because it still runs great on old systems, we don't
> want to prevent that, but it would be nice to leave the old baggage
> in a separate package (ISA, old network standards, old filesystems,
> anything that stopped being produced 20+ years ago).
I agree that filesystems are a problem, but not just old ones - they're
all vulnerable to malicious storage devices. Ideally I want removable
storage to be mounted using FUSE by default, not kernel filesystems.
Also util-linux ought not to probe any of those obscure filesystems by
default. Both of these require userland, not kernel, changes.
Network protocols are a big problem, but again this isn't limited to
old ones. I want to disable auto-loading for them by default, so you
have to opt in to get anything but AF_{INET,INET6,NETLINK,PACKET,UNIX}.
In general, the modules I'm concerned about are those that can be
loaded on-demand for unprivileged users. The ModAutoRestrict LSM might
provide a way to deal with those: https://lwn.net/Articles/719385/
The old drivers, however, just aren't going to get loaded so I don't
think they're a problem.
> * This would add complication to an already complicated package.
> Would the benefit be worth it?
No, it's bad enough having to categorise things for udebs.
> * This might be confusing for the very, very, small percentage of
> users where things didn't "just work" with d-i doing the right thing.
It would be a very large percentage because, you know, hotplug is a
thing.
> Would the benefit be worth it?
No.
Ben.
--
Ben Hutchings
The world is coming to an end. Please log off.
signature.asc
Description: This is a digitally signed message part
