From: Jesper Juhl <jesper.juhl@gmail.com>
To: John Richard Moser <nigelenki@comcast.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Hot-patching
Date: Wed, 21 Sep 2005 00:47:56 +0200
Message-ID: <9a87484905092015471c2dc329@mail.gmail.com>
In-Reply-To: <43308815.1000200@comcast.net>

On 9/21/05, John Richard Moser <nigelenki@comcast.net> wrote:
[snip]
> Besides getting rid of a pet peeve of mine (more rebooting than
> absolutely necessary) and giving a way to continuously increase the size
> of the running kernel with each bugfix, this has implications on servers
> that don't want to reboot for whatever reason. For enterprise
> applications, it would be possible to fix a kernel bug or security hole
> that hasn't been triggered by loading a module with the bugfixes,
> effectively hot-patching the kernel.
>
[snip]
If you have uptime demands like that I think a much better approach
would be to make sure the box is heavily firewalled so the importance of
the security of the host itself drops. If there's no way to get to a
box in a way that enables you to actually exploit a security hole,
then it doesn't matter much that the hole is there at all.

Another option would be a clustered setup where you normally run the
app(s) on nodeA, nodeB ... nodeN, then when you need to upgrade you
move all running applications off of nodeA and upgrade it, move
everything off of nodeB and then upgrade that, repeat for nr of nodes,
finally redistribute the load properly again.
--
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html