Re: A system for rebootless kernel security updates

To: linux kernel list <linux-kernel@...>
Date: Thursday, May 1, 2008 - 7:38 am

* Jeff Arnold <jbarnold@MIT.EDU> wrote:

Hi,


Great thing :)
I'd actually like to see it in the mainline tree (I prefer vanilla kernel
instead of distro specific).


I didn't have the time for a deeper study yet, but as you already
mentioned, there're lots of limitations which can make it harmful:
as soon as interfaces change, you're in *big* trouble. There should
be a way of finding them (automatically). Maybe extract the
interface signatures (including structs!) to some appropriate place
next to the kernel, so they can be checked before (re)loading the
module.

Ah, of course you can't change code that's not a dynamic module :(


Even if this goes OT now - I'd really prefer more things in userland,
e.g. network or synthetic filesystems, crypto stuff, etc. - so
there would be less to update within the kernel ;-o

cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service - http://www.metux.de/
---------------------------------------------------------------------
 Please visit the OpenSource QM Taskforce:
 	http://wiki.metux.de/public/OpenSource_QM_Taskforce
 Patches / Fixes for a lot dozens of packages in dozens of versions:
	http://patches.metux.de/
---------------------------------------------------------------------