Re: A system for rebootless kernel security updates

From: Jesper Juhl
Date: Sun Apr 27 2008 - 15:58:48 EST


2008/4/27 Willy Tarreau <w@xxxxxx>:
> On Sun, Apr 27, 2008 at 12:17:00PM +0200, Pavel Machek wrote:
> > On Thu 2008-04-24 16:26:44, Tomasz Chmielewski wrote:
> > > Jeff Arnold wrote:
> > >
> > > >I've put together an automatic system for applying
> > > >kernel security patches to the Linux kernel without
> > > >rebooting it, and I wanted to share this system with
> > > >the community in case others find it useful or
> > > >interesting.
> > >
> > > Hmm, the idea seems to be patented by Microsoft, i.e.
> > > this patent from December 2002:
> > >
> > > http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching
> > >
> > > (and other patents by Microsoft if you search for
> > > "hotpatching").
> >
> > ...so US will not be able to fix security holes without reboot, good.
> > Perhaps they fix their stupid laws after next worm outbreak...
>
> Sounds like a bullshit patent. I remember having loaded a lot of NLM
> patches under netware 4.0 in 96-97 without ever rebooting. I think
> that the patches only redefined the faulty symbol(s) they wanted to
> patch. That was pretty convenient because when in doubt, you could
> simply unload the modules and get back to the previous situation.
>

And then there's 'alternatives' that patch running code, there's kexec
and I guess you could even say that various root kits that patch the
running kernel get prior art on that patent ;)

--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/