A Feature That Is Long Overdue

I know various sysadmins that would love to see this feature implemented and executed well.

Imagine the positive impact of patching a live kernel "in real time" and then scheduling the system reboot at a more appropriate time.

Sure, some environments are loathe to change any aspect of a running system even inside a change window, and I can understand that concern, but the potential of this feature as a possible response to "zero day bugs" should not be underestimated. Hence the reason why this feature needs a reliable implementation with corresponding test plans that sysadmins can use to test & benchmark the impact of this feature, and that to me would say this feature was "well executed".

What could be next? Live patching support with rollback? One can only wonder.

Rebooting is so 2001.

2015: We will see at least one big attack where this mechanism is used to *add* a backdoor to a running kernel, such that it is invisible in any files, and rebooting only clears it temporarily.

Exactly what i start to think about since i started to heard about this "new tech"...we can expect someone try to exploit it sooner or later...

You do not need live patching to do that. A plain old kernel module can do just the same. Indeed, that's exactly what root kits have done for decades.

You do understand that you need root access to live-patch the kernel, right?
... and if you have root, nothing stops you from inserting your own kernel module that dumps the content of each user process, compresses it and sends it to a remote server while bypassing the firewall.

... If someone gains root access to your machine, live patching is the least of your concerns.

- Gilboa