Date: Wed, 30 Jun 2004 13:04:11 -0500
From: Craig Boston <craig@meoqu.gank.org>
To: freebsd-stable@freebsd.org, Skylar Thompson <skylar@cs.earlham.edu>
Subject: Re: Maximum uptime 497 days?
Message-ID: <200406301304.11783.craig@meoqu.gank.org>
In-Reply-To: <20040630175241.GC54215@quark.cs.earlham.edu>
References: <200406281706.11188.matt@fruitsalad.org> <200406281644.i5SGiM0h097809@lurza.secnetix.de> <20040630175241.GC54215@quark.cs.earlham.edu>

On Wednesday 30 June 2004 12:52 pm, Skylar Thompson wrote:
> A lot of security holes can be patched without rebooting. In general, only
> kernel updates strictly require a reboot. There have been a few kernel
> security vulnerabilities released in the past couple years, but a lot of
> them are for DoS attacks, not privilege escalation.

Also, _in theory_, even many kernel bugs can be patched without rebooting. A kernel module can bypass an affected function, for example by replacing syscall table entries. It takes a lot of work and knowledge of the guts of the kernel, but it is possible. I've never done this myself but have seen it used in environments such as massive virtual hosting (we may be talking about hundreds of potentially affected servers, each with dozens of users), where a reboot is costly and painful.

Craig
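
The mechanism described in the message above, as an added example that is not part of the original post and is not FreeBSD kernel code: a user-space C model of a dispatch table in which a "patch module" swaps one entry for a wrapper that adds a missing bounds check, then restores it on unload. The table, the syscall number, the flawed handler and all function names are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* User-space model of a syscall table: one handler per syscall number. */
typedef int (*sy_call_t)(const char *buf, size_t len);
struct sysent_model { sy_call_t sy_call; };
#define SYS_SETNAME 0   /* hypothetical syscall number */
static char kname[16];  /* stands in for a kernel buffer */

/* Constructed flawed handler: trusts len, so len > sizeof(kname) overflows. */
static int sys_setname(const char *buf, size_t len) {
    memcpy(kname, buf, len);
    return 0;
}
static struct sysent_model sysent_tbl[] = { { sys_setname } };

/* Every call is dispatched through the table, so swapping one entry
   changes behaviour without touching the flawed function's code. */
int do_syscall(int num, const char *buf, size_t len) {
    return sysent_tbl[num].sy_call(buf, len);
}

static sy_call_t saved; /* original entry, kept for unload */

/* Replacement: adds the missing bounds check, then delegates. */
static int patched_setname(const char *buf, size_t len) {
    if (len > sizeof(kname))
        return EINVAL;
    return saved(buf, len);
}

/* "Module load": refuse to patch if the entry is not the one expected. */
int patch_load(void) {
    if (sysent_tbl[SYS_SETNAME].sy_call != sys_setname)
        return EBUSY;
    saved = sysent_tbl[SYS_SETNAME].sy_call;
    sysent_tbl[SYS_SETNAME].sy_call = patched_setname;
    return 0;
}

/* "Module unload": restore only if the entry is still ours. */
int patch_unload(void) {
    if (sysent_tbl[SYS_SETNAME].sy_call != patched_setname)
        return EBUSY;
    sysent_tbl[SYS_SETNAME].sy_call = saved;
    return 0;
}
```

In a real kernel the swap also has to account for threads that are already executing the old handler, which this single-threaded model does not show.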