||Vanishing Features of the 2.6 Kernel|
|Subject:||Security and binary modules|
It appears to be a practical necessity, at least for now, to allow binary-only driver modules. Unless I'm mistaken, this opens a large security hole into the heart of the kernel; a module that isn't subject to peer review is liable to contain anything.
This suggests that it would be desirable to build a censor into the kernel API that accepts modules, so as to limit the facilities the module has access to.