From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg KH Date: Tue, 16 Oct 2001 05:29:23 +0000 Subject: Re: Automatic download and installation of drivers. Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-hotplug@vger.kernel.org On Tue, Oct 16, 2001 at 01:02:37AM +0100, Stamatis Mitrofanis wrote: > Automatic download and installation of drivers. That is definately a > good thing to have (in general). Wow, the security implementations and other complexities involved here are huge. Let try a few examples: - installing a module requires root permissions. You generally do not want to run a compiler as root. - Running anything as root isn't a good idea, unless the program has been audited for security problems. - Who is going to sign/verify the driver you just downloaded to prevent a trojan from being installed? - Lots of user machines do not have compilers installed. What then? - Where are you going to find the .config file that the currently running kernel was built against? Without that, you will not be able to successfully build that module. - What is the guarantee that older kernels will be able to load newer modules? Inter-kernel apis constantly change. The odds that this would work are quite slim. - Distros test their kernels as one package, drivers included. Then they ship with those drivers. Any new drivers fall under the above problem. And there are more problems that I can't think of right now. But the main question I have is: What is the real problem that you are trying to solve? and Why does the current kernel/driver situation not work for you? thanks, greg k-h _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel