[Full-disclosure] Security Updates Without Rebooting
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Nov 9 03:18:17 GMT 2005
On Wed, 09 Nov 2005 01:48:33 +0100, Joxean Koret said:
> In some cases you can hot-patch a kernel without rebooting the system,
> loading a module (lkm) with the patch inside.
Note that this is serious double-or-nothing here, because it's just *so*
easy to totally screw the pooch doing this, and ending up with an outage
*much* longer than a 'shutdown -r' would have caused. Worst case is a stray
pointer causing subtle filesystem damage, undetected for a while......
A much more cost-effective scheme would be 2 systems in a fail-over config,
so that you can reboot one and then the other without a disruption.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051108/f70dfaf5/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.