Re: [Full-disclosure] Security Updates Without Rebooting
Valdis.Kletnieks_at_vt.edu
Date: 11/09/05
- Previous message: Joxean Koret: "Re: [Full-disclosure] Security Updates Without Rebooting"
- In reply to: Joxean Koret: "Re: [Full-disclosure] Security Updates Without Rebooting"
- Next in thread: Joachim Schipper: "Re: [Full-disclosure] Security Updates Without Rebooting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Joxean Koret <joxeankoret@gmail.com> Date: Tue, 08 Nov 2005 22:18:17 -0500
On Wed, 09 Nov 2005 01:48:33 +0100, Joxean Koret said:
> In some cases you can hot-patch a kernel without rebooting the system,
> loading a module (lkm) with the patch inside.
Note that this is serious double-or-nothing here, because it's just *so*
easy to totally screw the pooch doing this, and ending up with an outage
*much* longer than a 'shutdown -r' would have caused. Worst case is a stray
pointer causing subtle filesystem damage, undetected for a while......
A much more cost-effective scheme would be 2 systems in a fail-over config,
so that you can reboot one and then the other without a disruption.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/pgp-signature attachment: stored
- Previous message: Joxean Koret: "Re: [Full-disclosure] Security Updates Without Rebooting"
- In reply to: Joxean Koret: "Re: [Full-disclosure] Security Updates Without Rebooting"
- Next in thread: Joachim Schipper: "Re: [Full-disclosure] Security Updates Without Rebooting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
