--- linux-2.4.28/fs/proc/proc_misc.c	2004-08-07 16:26:06.000000000 -0700
+++ linux/fs/proc/proc_misc.c	2005-01-12 14:30:28.000000000 -0800
@@ -276,6 +276,27 @@ static int modules_read_proc(char *page,
 	return proc_calc_metrics(page, start, off, count, eof, len);
 }
 
+extern int module_loading_enabled;
+
+static int modules_write_proc(struct file *file, const char *buffer,
+                        unsigned long count, void *data)
+{
+       char tmp[4];
+
+       if (!count)
+               return -EINVAL;
+       if (count > 4)
+               count = 4;
+       if (copy_from_user(&tmp[0], buffer, count))
+               return -EFAULT;
+
+       if (tmp[0]=='o') {
+               printk(KERN_INFO "Disabled module (un)loading\n");
+               module_loading_enabled = 0;
+       }
+       return count;
+}
+
 extern struct seq_operations ksyms_op;
 static int ksyms_open(struct inode *inode, struct file *file)
 {
@@ -605,9 +626,6 @@ void __init proc_misc_init(void)
 #ifdef CONFIG_STRAM_PROC
 		{"stram",	stram_read_proc},
 #endif
-#ifdef CONFIG_MODULES
-		{"modules",	modules_read_proc},
-#endif
 		{"stat",	kstat_read_proc},
 		{"devices",	devices_read_proc},
 #if !defined(CONFIG_ARCH_S390) && !defined(CONFIG_X86)
@@ -670,4 +688,10 @@ void __init proc_misc_init(void)
 			entry->proc_fops = &ppc_htab_operations;
 	}
 #endif
+#ifdef CONFIG_MODULES
+       entry = create_proc_read_entry("modules",  0, NULL, modules_read_proc, NULL);
+       if (entry)
+               entry->write_proc = modules_write_proc;
+#endif
+
 }
--- linux-2.4.28/kernel/module.c	2003-08-25 04:44:44.000000000 -0700
+++ linux/kernel/module.c	2005-01-12 14:30:28.000000000 -0800
@@ -67,6 +67,8 @@ static struct list_head ime_list = LIST_
 static spinlock_t ime_lock = SPIN_LOCK_UNLOCKED;
 static int kmalloc_failed;
 
+int module_loading_enabled = 1;
+
 /*
  *	This lock prevents modifications that might race the kernel fault
  *	fixups. It does not prevent reader walks that the modules code
@@ -298,6 +300,10 @@ sys_create_module(const char *name_user,
 
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
+
+        if (!module_loading_enabled)
+                return -ENOSYS;
+
 	lock_kernel();
 	if ((namelen = get_mod_name(name_user, &name)) < 0) {
 		error = namelen;
@@ -353,6 +359,8 @@ sys_init_module(const char *name_user, s
 
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
+        if (!module_loading_enabled)
+                return -ENOSYS;
 	lock_kernel();
 	if ((namelen = get_mod_name(name_user, &name)) < 0) {
 		error = namelen;
@@ -615,6 +623,9 @@ sys_delete_module(const char *name_user)
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
 
+        if (!module_loading_enabled)
+                return -ENOSYS;
+
 	lock_kernel();
 	if (name_user) {
 		if ((error = get_mod_name(name_user, &name)) < 0)
@@ -969,6 +980,8 @@ sys_get_kernel_syms(struct kernel_sym *t
 	int i;
 	struct kernel_sym ksym;
 
+        if (!module_loading_enabled)
+                return -ENOSYS;
 	lock_kernel();
 	for (mod = module_list, i = 0; mod; mod = mod->next) {
 		/* include the count for the module name! */