Re: Hot-patching

From: Jesper Juhl (jesper.juhl_at_gmail.com)
Date: 09/21/05

    Date:	Wed, 21 Sep 2005 00:47:56 +0200
    To: John Richard Moser <nigelenki@comcast.net>
    
    

    On 9/21/05, John Richard Moser <nigelenki@comcast.net> wrote:
    [snip]
    > Besides getting rid of a pet peeve of mine (more rebooting than
    > absolutely necessary) and giving a way to continuously increase the size
    > of the running kernel with each bugfix, this has implications on servers
    > that don't want to reboot for whatever reason. For enterprise
    > applications, it would be possible to fix a kernel bug or security hole
    > that hasn't been triggered by loading a module with the bugfixes,
    > effectively hot-patching the kernel.
    >
    [snip]

    If you have uptime demands like that I think a much better approach
    would be to make sure the box is heavily firewalled so the importance of
    the security of the host itself drops. If there's no way to get to a
    box in a way that enables you to actually exploit a security hole,
    then it doesn't matter much that the hole is there at all.

    Another option would be a clustered setup where you normally run the
    app(s) on nodeA, nodeB ... nodeN, then when you need to upgrade you
    move all running applications off of nodeA and upgrade it, move
    everything off of nodeB and then upgrade that, repeat for nr of nodes,
    finally redistribute the load properly again.

    -- 
    Jesper Juhl <jesper.juhl@gmail.com>
    Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
    Plain text mails only, please      http://www.expita.com/nomime.html
    
