Re: A system for rebootless kernel security updates - Kernel


  1. Re: A system for rebootless kernel security updates

    Jeff Arnold wrote:

    > I've put together an automatic system for applying kernel security patches
    > to the Linux kernel without rebooting it, and I wanted to share this
    > system with the community in case others find it useful or interesting.


    Hmm, the idea seems to be patented by Microsoft, i.e. this patent from
    December 2002:

    http://www.google.com/patents?id=cVy...dq=hotpatching

    (and other patents by Microsoft if you search for "hotpatching").


    And those patent descriptions, by the way, remind me of the way kexec works
    ("A software module is hotpatched by loading a patch into memory and
    modifying an instruction in the original module to jump to the patch"),
    which was released much earlier... In essence, they patented kexec


    --
    Tomasz Chmielewski
    http://wpkg.org
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: A system for rebootless kernel security updates


    > And those patent descriptions, by the way, remind me of the way kexec works
    > ("A software module is hotpatched by loading a patch into memory and
    > modifying an instruction in the original module to jump to the patch"),
    > which was released much earlier... In essence, they patented kexec


    The basic patching idea is old and has been used many times, long
    predating kexec. e.g. it's a common way to implement incremental linkers
    too.

    -Andi


  3. Re: A system for rebootless kernel security updates

    On Thu 2008-04-24 16:26:44, Tomasz Chmielewski wrote:
    > Jeff Arnold wrote:
    >
    > >I've put together an automatic system for applying
    > >kernel security patches to the Linux kernel without
    > >rebooting it, and I wanted to share this system with
    > >the community in case others find it useful or
    > >interesting.

    >
    > Hmm, the idea seems to be patented by Microsoft, i.e.
    > this patent from December 2002:
    >
    > http://www.google.com/patents?id=cVy...dq=hotpatching
    >
    > (and other patents by Microsoft if you search for
    > "hotpatching").


    ...so US will not be able to fix security holes without reboot, good.
    Perhaps they fix their stupid laws after next worm outbreak...

    Pavel
    --
    (english) http://www.livejournal.com/~pavelmachek
    (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pav...rses/blog.html

  4. Re: A system for rebootless kernel security updates

    And if I know correctly, Mac OS makes kernel updates too.

    On 4/27/08, Willy Tarreau wrote:
    > On Sun, Apr 27, 2008 at 12:17:00PM +0200, Pavel Machek wrote:
    > > On Thu 2008-04-24 16:26:44, Tomasz Chmielewski wrote:
    > > > Jeff Arnold wrote:
    > > >
    > > > >I've put together an automatic system for applying
    > > > >kernel security patches to the Linux kernel without
    > > > >rebooting it, and I wanted to share this system with
    > > > >the community in case others find it useful or
    > > > >interesting.
    > > >
    > > > Hmm, the idea seems to be patented by Microsoft, i.e.
    > > > this patent from December 2002:
    > > >
    > > > http://www.google.com/patents?id=cVy...dq=hotpatching
    > > >
    > > > (and other patents by Microsoft if you search for
    > > > "hotpatching").

    > >
    > > ...so US will not be able to fix security holes without reboot, good.
    > > Perhaps they fix their stupid laws after next worm outbreak...

    >
    > Sounds like a bull**** patent. I remember having loaded a lot of NLM
    > patches under netware 4.0 in 96-97 without ever rebooting. I think
    > that the patches only redefined the faulty symbol(s) they wanted to
    > patch. That was pretty convenient because when in doubt, you could
    > simply unload the modules and get back to previous situation.
    >
    > > Pavel

    >
    > Willy
    >



    --
    Thanks,
    Oliver

  5. Re: A system for rebootless kernel security updates

    2008/4/27 Willy Tarreau :
    > On Sun, Apr 27, 2008 at 12:17:00PM +0200, Pavel Machek wrote:
    > > On Thu 2008-04-24 16:26:44, Tomasz Chmielewski wrote:
    > > > Jeff Arnold wrote:
    > > >
    > > > >I've put together an automatic system for applying
    > > > >kernel security patches to the Linux kernel without
    > > > >rebooting it, and I wanted to share this system with
    > > > >the community in case others find it useful or
    > > > >interesting.
    > > >
    > > > Hmm, the idea seems to be patented by Microsoft, i.e.
    > > > this patent from December 2002:
    > > >
    > > > http://www.google.com/patents?id=cVy...dq=hotpatching
    > > >
    > > > (and other patents by Microsoft if you search for
    > > > "hotpatching").

    > >
    > > ...so US will not be able to fix security holes without reboot, good.
    > > Perhaps they fix their stupid laws after next worm outbreak...

    >
    > Sounds like a bull**** patent. I remember having loaded a lot of NLM
    > patches under netware 4.0 in 96-97 without ever rebooting. I think
    > that the patches only redefined the faulty symbol(s) they wanted to
    > patch. That was pretty convenient because when in doubt, you could
    > simply unload the modules and get back to previous situation.
    >


    And then there's 'alternatives' that patch running code, there's kexec
    and I guess you could even say that various root kits that patch the
    running kernel get prior art on that patent

    --
    Jesper Juhl
    Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
    Plain text mails only, please http://www.expita.com/nomime.html

  6. Re: A system for rebootless kernel security updates

    > i.e. this patent from December 2002

    That's a patent application, not a patent. That application has received
    a "final rejection" from the U.S. patent office (Microsoft is appealing,
    but so far their attempts at arguing the merits of the application have
    not been successful). You can browse the relevant documents at

    http://portal.uspto.gov/external/portal/pair

    (The application number is 10/307,902).

    Jeff Arnold
    jbarnold@mit.edu
