lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4816205D.7000109@tmr.com>
Date:	Mon, 28 Apr 2008 15:07:09 -0400
From:	Bill Davidsen <davidsen@....com>
To:	Tomasz Chmielewski <mangoo@...g.org>
CC:	LKML <linux-kernel@...r.kernel.org>, jbarnold@....EDU,
	francois.cami@...e.fr, Andi Kleen <andi@...stfloor.org>,
	mail@...thworm.de
Subject: Re: A system for rebootless kernel security updates

Tomasz Chmielewski wrote:
> Jeff Arnold wrote:
> 
>> I've put together an automatic system for applying kernel security 
>> patches to the Linux kernel without rebooting it, and I wanted to 
>> share this system with the community in case others find it useful or 
>> interesting.
> 
> Hmm, the idea seem to be patented by Microsoft, i.e. this patent from 
> December 2002:
> 
> http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching
> 
> (and other patents by Microsoft if you search for "hotpatching").
> 
> 
> And those patent descriptions, by the way, remind the way kexec works 
> ("A software module is hotpatched by loading a patch into memory and 
> modifying an instruction in the original module to jump to the patch"), 
> which was released much earlier... In essence, they patented kexec ;)
> 
I think you will find prior art all the way back to the PDP-8 (or 11) 
and if memory serves DTSS, which was in the 1960's. I think MULTICS 
allowed that as well, by patching the library dispatch table (sort of 
like TLB) to map a virtual address of the entry point to a new location.

All of which doesn't matter, of course, because no one has the money to 
challenge MSFT, and it would be in court until the heat death of the 
universe anyway.

-- 
Bill Davidsen <davidsen@....com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ