From: Enrico Weigelt <weigelt@metux.de>
To: linux kernel list <linux-kernel@vger.kernel.org>
Subject: Re: A system for rebootless kernel security updates
Date: Thu, 1 May 2008 13:38:02 +0200
Message-ID: <20080501113802.GC28005@nibiru.local>
In-Reply-To: <alpine.DEB.1.10.0804281907150.28653@vinegar-pot.mit.edu>
* Jeff Arnold <jbarnold@MIT.EDU> wrote:

Hi,

> I'm willing to undertake the project of bringing the code up to kernel
> coding standards so that it can eventually be considered for mainline.
> I'll plan on undertaking this project if I don't receive feedback that I
> shouldn't do so.

Great thing :)
I'd actually like to see it in the mainline tree (I prefer vanilla kernel
instead of distro specific).

> If people have concerns about the high-level design of the system, it
> would be useful for me to know that information sooner rather than later.

I didn't have the time for a deeper study yet, but as you already
mentioned, there're lots of limitations which can make it harmful:
as soon as interfaces change, you're in *big* trouble. There should
be a way for finding them (automatically). Maybe extract the
interface signatures (including structs!) to some appropriate place
next to the kernel, so they can be checked before (re)loading the
module.

Ah, of course you can't change code that's not a dynamic module :(

Even this goes OT now - I'd really prefer more things in userland,
eg. network- or synthetic filesystems, crypt stuff, etc - so
there would be less to update within the kernel ;-o

cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service - http://www.metux.de/
---------------------------------------------------------------------
Please visit the OpenSource QM Taskforce:
http://wiki.metux.de/public/OpenSource_QM_Taskforce
Patches / Fixes for a lot dozens of packages in dozens of versions:
http://patches.metux.de/
---------------------------------------------------------------------