Ksplice, Rebootless Linux Kernel Security Updates - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Ksplice, Rebootless Linux Kernel Security Updates

User Rating:

How can I rate this item?

Source: http://kerneltrap.org/Linux/Ksplice_Rebootless_Linux_Kernel_Security_Updates - Posted by Bill Keys

"I've put together an automatic system for applying kernel security patches to the Linux kernel without rebooting it, and I wanted to share this system with the community in case others find it useful or interesting," said Jeff Arnold, announcing ksplice. He explained, "the system takes as input a kernel security patch (which can be a unified diff taken directly from Linus' GIT tree) and the source code corresponding to the running kernel, and it automatically creates a set of kernel modules to perform the update. The running kernel does not need to have been customized in advance in any way." What do you think about ksplice? It sound like a great improvement for Linux security. I am interested in how well it works. Will in work for all security updates?

Read this full article at http://kerneltrap.org/Linux/Ksplice_Rebootless_Linux_Kernel_Security_Updates

Comments

it's a tool

Written by Lee on 2008-04-28 09:33:13

It's a tool, not a security feature. This could be used for patching your kernel against vulnerabilities, yes. It could also be used by hackers to inject code into a running kernel, even on a system that boots from read-only CD and is thought to have a "guaranteed" kernel.

Interesting

Written by mike on 2008-05-05 08:19:49

Interesting development

Good intentions

Written by Steve on 2008-05-08 17:32:25

I'm sure that this is meant to be a security feature, but the fact is that it is able to inject code (not a patch, CODE) into a running kernel. Neat.

It's all about the implementation now; how can we be sure that the injected code was welcome?

The road to hell is paved with good intentions.

Linux security

Written by mike on 2008-05-09 07:56:46

They say that too about the Linux Security Modules ( LSM). That you can easy load malicious code into the kernel with a loadable module.

If the attacker gets to the point where they can have permission to patch the kernel then your system has a bigger security whole to look for.

If you have setup good permission for users and groups and a strong firewall then you should not have to worry about an attacker gaining access to patch the kernel.

But being able to add security patches to the Kernel without rebooting will cause more system admin to patch their servers more often. Which will help protect the system from the Zero-Day attacks.

Only registered users can write comments.
Please login or register.