Re: A system for rebootless kernel security updates

From: David Collier-Brown
Date: Thu May 01 2008 - 09:37:47 EST

Next message: Miles Lane: "2.6.25-git16 -- IEEE 1394 device has ROM CRC error -- No /dev/video0 device"
Previous message: Adrian Bunk: "Re: RFC: starting a kernel-testers group for newbies"
In reply to: Enrico Weigelt: "Re: A system for rebootless kernel security updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Enrico Weigelt wrote:

I didn't have the time for an deeper study yet, but as you already
mentioned, there're lots of limitations which can make it harmful:
as soon as interfaces chance, you're in *big* trouble. There should
be a way for finding them (automatically). Maybe extract the interface signatures (including structs!) so some appropriate place
next to the kernel, so they can be checked before (re)loading the
module.

Actually there is a mature discipline around data changes that
dates back to before Unix v7, but it's off-topic for this
discussion: it would make the changes too big (;-))

If anyone is interested, see http://multicians.org/stachour.html
and/or send me mail

--dave (reading LKML when he should be working) c-b
--
David Collier-Brown | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb@xxxxxxx | -- Mark Twain
(905) 943-1983, cell: (647) 833-9377, (800) 555-9786 x56583
bridge: (877) 385-4099 code: 506 9191#
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Miles Lane: "2.6.25-git16 -- IEEE 1394 device has ROM CRC error -- No /dev/video0 device"
Previous message: Adrian Bunk: "Re: RFC: starting a kernel-testers group for newbies"
In reply to: Enrico Weigelt: "Re: A system for rebootless kernel security updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]