[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200511090318.jA93IHe7022632@turing-police.cc.vt.edu>
Date: Wed Nov 9 03:18:29 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Security Updates Without Rebooting
On Wed, 09 Nov 2005 01:48:33 +0100, Joxean Koret said:
> In some cases you can hot-patch a kernel without rebooting the system,
> loading a module (lkm) with the patch inside.
Note that this is serious double-or-nothing here, because it's just *so*
easy to totally screw the pooch doing this, and ending up with an outage
*much* longer than a 'shutdown -r' would have caused. Worst case is a stray
pointer causing subtle filesystem damage, undetected for a while......
A much more cost-effective scheme would be 2 systems in a fail-over config,
so that you can reboot one and then the other without a disruption.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051108/f70dfaf5/attachment.bin
Powered by blists - more mailing lists