| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Nov 9 03:18:29 2005 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Security Updates Without Rebooting On Wed, 09 Nov 2005 01:48:33 +0100, Joxean Koret said: > In some cases you can hot-patch a kernel without rebooting the system, > loading a module (lkm) with the patch inside. Note that this is serious double-or-nothing here, because it's just *so* easy to totally screw the pooch doing this, and ending up with an outage *much* longer than a 'shutdown -r' would have caused. Worst case is a stray pointer causing subtle filesystem damage, undetected for a while...... A much more cost-effective scheme would be 2 systems in a fail-over config, so that you can reboot one and then the other without a disruption. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051108/f70dfaf5/attachment.bin
Powered by blists - more mailing lists