Re: [Full-disclosure] Security Updates Without Rebooting

Valdis.Kletnieks_at_vt.edu
Date: 11/09/05

  • Next message: crazy frog crazy frog: "[Full-disclosure] sugget a small pentest distro"
    To: Joxean Koret <joxeankoret@gmail.com>
    Date: Tue, 08 Nov 2005 22:18:17 -0500
    
    
    
    

    On Wed, 09 Nov 2005 01:48:33 +0100, Joxean Koret said:
     
    > In some cases you can hot-patch a kernel without rebooting the system,
    > loading a module (lkm) with the patch inside.

    Note that this is serious double-or-nothing here, because it's just *so*
    easy to totally screw the pooch doing this, and ending up with an outage
    *much* longer than a 'shutdown -r' would have caused. Worst case is a stray
    pointer causing subtle filesystem damage, undetected for a while......

    A much more cost-effective scheme would be 2 systems in a fail-over config,
    so that you can reboot one and then the other without a disruption.

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  • Next message: crazy frog crazy frog: "[Full-disclosure] sugget a small pentest distro"