Re: A system for rebootless kernel security updates

From: Bill Davidsen
Date: Mon Apr 28 2008 - 15:01:01 EST


Tomasz Chmielewski wrote:
> Jeff Arnold wrote:
>
>> I've put together an automatic system for applying kernel security patches to the Linux kernel without rebooting it, and I wanted to share this system with the community in case others find it useful or interesting.
>
> Hmm, the idea seems to be patented by Microsoft, i.e. this patent from December 2002:
>
> http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching
>
> (and other patents by Microsoft if you search for "hotpatching").
>
> And those patent descriptions, by the way, remind me of the way kexec works ("A software module is hotpatched by loading a patch into memory and modifying an instruction in the original module to jump to the patch"), which was released much earlier... In essence, they patented kexec ;)

I think you will find prior art all the way back to the PDP-8 (or 11) and if memory serves DTSS, which was in the 1960's. I think MULTICS allowed that as well, by patching the library dispatch table (sort of like TLB) to map a virtual address of the entry point to a new location.

All of which doesn't matter, of course, because no one has the money to challenge MSFT, and it would be in court until the heat death of the universe anyway.

--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot