Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation

[Justin Swartz <justin.swartz () risingedge co za>]

On Fri, May 1, 2026 at 20:25:17 -0400, Reid Sutherland wrote:
> Why is userspace allowed to load modules in any capacity?

It's potentially useful for autoloading driver modules when PnP
devices are connected, which could be considered deadweight if
they were loaded, or baked into the kernel itself, when the
respective devices aren't present.


> Why do we need kernel modules for math?

To interact with cryptographic acceleration hardware, if present or
desired, and to provide support for kernel subsystems that rely on
encryption, like IPSec or WireGuard.


> I'm assuming any thoroughly qualified platform engineer compiles
> the host kernel without module support.  At least, that needs to
> make a comeback, bring back applying grsec patches and make
> menuconfig..

I'm thoroughly unqualified, so take my opinion with a bag of salt:

If you have a use case that allows you to avoid loadable kernel
modules indefinitely in a completely monolithic kernel then, by
all means, roll your kernel as such and you'll be slightly safer
than those who don't.

Kernel configuration minification doesn't seem to be spoken of
much anymore except by those who have fairly resource constrained
embedded systems that run Linux on some application processor.

If you're prepared to go that far, why not roll your own distro?

LFS is a potentially good starting point, but you can get by with
even less. For example: Linux, musl, busybox, just the applications
(and mandatory dependencies) you need, and some init scripts to tie
it all together.