Live Patching Support Planned For Linux 3.20/4.0 Kernel

  • Live Patching Support Planned For Linux 3.20/4.0 Kernel

    Phoronix: Live Patching Support Planned For Linux 3.20/4.0 Kernel

    It looks like the Linux 3.20 kernel is when the new kernel live patching technology will be integrated into mainline...

    http://www.phoronix.com/vr.php?view=MTg3MTE

  • #2
    A Feature That Is Long Overdue

    Originally posted by phoronix
    Phoronix: Live Patching Support Planned For Linux 3.20/4.0 Kernel

    It looks like the Linux 3.20 kernel is when the new kernel live patching technology will be integrated into mainline...

    http://www.phoronix.com/vr.php?view=MTg3MTE
    I know various sysadmins that would love to see this feature implemented and executed well.

    Imagine the positive impact of patching a live kernel "in real time" and then scheduling the system reboot at a more appropriate time.

    Sure, some environments are loath to change any aspect of a running system even inside a change window, and I can understand that concern, but the potential of this feature as a possible response to "zero day bugs" should not be underestimated. Hence the reason why this feature needs a reliable implementation with corresponding test plans that sysadmins can use to test & benchmark the impact of this feature, and that to me would say this feature was "well executed".

    What could be next? Live patching support with rollback? One can only wonder.

    • #3
      Rebooting is so 2001.

      • #4
        2015: We will see at least one big attack where this mechanism is used to *add* a backdoor to a running kernel, such that it is invisible in any files, and rebooting only clears it temporarily.

        • #5
          Originally posted by curaga
          2015: We will see at least one big attack where this mechanism is used to *add* a backdoor to a running kernel, such that it is invisible in any files, and rebooting only clears it temporarily.
          Exactly what I started to think about when I first heard about this "new tech"... we can expect someone to try to exploit it sooner or later...

          • #6
            Originally posted by curaga
            2015: We will see at least one big attack where this mechanism is used to *add* a backdoor to a running kernel, such that it is invisible in any files, and rebooting only clears it temporarily.
            You do not need live patching to do that. A plain old kernel module can do just the same. Indeed, that's exactly what root kits have done for decades.

            • #7
              Originally posted by curaga
              2015: We will see at least one big attack where this mechanism is used to *add* a backdoor to a running kernel, such that it is invisible in any files, and rebooting only clears it temporarily.
              You do understand that you need root access to live-patch the kernel, right?
              ... and if you have root, nothing stops you from inserting your own kernel module that dumps the content of each user process, compresses it and sends it to a remote server while bypassing the firewall.

              ... If someone gains root access to your machine, live patching is the least of your concerns.

              - Gilboa
              DEV: Intel S2600C0, 2xE5-2658V2, 32GB, 6x2TB, GTX1080, F32, Dell UP3216Q 4K.
              SRV: Intel S2400GP2, 2xE5-2448L, 96GB, 6x2TB, GTX550, F32, Dell U2711.
              WIN: Gigabyte B85M-HD3, E3-1245V3, 32GB, 5x1TB, GTX980, Win10Pro.
              BAK: Asus H110M-K, i5-6500, 16GB, 3x1TB + 128GB-SSD, F32.
              LAP: ASUS Strix GL502V, i7-6700HQ, 32GB, 1TB+256GB, 1070M, F31.
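Following on from the point in #6 and #7 that a live patch, like any module, needs root and so belongs in the same routine audit as loaded modules: the script below is a constructed example added here (not code from the thread, Phoronix or the kernel project). It lists the patches registered under the sysfs directory the upstream livepatch core exposes (`/sys/kernel/livepatch/<patch>/enabled`) and decodes the kernel taint word, so an unexpected patch or module taint shows up in a daily check; both paths are parameters so it can also run against a constructed directory tree.

```shell
#!/bin/sh
# Constructed live-patch audit helper (not from the thread or the kernel tree).
# Reads the sysfs interface the upstream livepatch core exposes,
# /sys/kernel/livepatch/<patch>/enabled, and decodes the kernel taint word,
# whose flags include F (bit 1, module forcibly loaded), O (bit 12, out-of-tree
# module), E (bit 13, unsigned module) and K (bit 15, live patch applied).
# Both paths are parameters so the functions can be exercised against a
# constructed directory tree as well as a live system.

# taint_flags <taint-integer>: print the module/live-patch related flags set.
taint_flags() {
    t=$1
    out=""
    [ $(( t & 2 )) -ne 0 ]     && out="${out}F"   # module forcibly loaded
    [ $(( t & 4096 )) -ne 0 ]  && out="${out}O"   # out-of-tree module
    [ $(( t & 8192 )) -ne 0 ]  && out="${out}E"   # unsigned module
    [ $(( t & 32768 )) -ne 0 ] && out="${out}K"   # live patch applied
    printf '%s' "$out"
}

# list_livepatches <livepatch-sysfs-dir>: one "name enabled" line per
# registered patch, sorted; prints nothing if the directory is absent.
list_livepatches() {
    dir=$1
    [ -d "$dir" ] || return 0
    for p in "$dir"/*/; do
        [ -d "$p" ] || continue
        printf '%s %s\n' "$(basename "$p")" "$(cat "$p/enabled" 2>/dev/null || echo '?')"
    done | sort
}

# audit_livepatch [livepatch-sysfs-dir] [taint-file]: print a one-line summary
# followed by the patch list; exit 0 when no live patch is registered, else 1.
audit_livepatch() {
    dir=${1:-/sys/kernel/livepatch}
    taint_file=${2:-/proc/sys/kernel/tainted}
    patches=$(list_livepatches "$dir")
    if [ -z "$patches" ]; then count=0
    else count=$(( $(printf '%s\n' "$patches" | wc -l) )); fi
    taint=$(cat "$taint_file" 2>/dev/null || echo 0)
    flags=$(taint_flags "$taint")
    printf 'livepatches=%s taint=%s flags=%s\n' "$count" "$taint" "${flags:-none}"
    [ -n "$patches" ] && printf '%s\n' "$patches"
    [ "$count" -eq 0 ]
}
```

On a real host, source the file and call `audit_livepatch` with no arguments; a non-zero exit status makes it easy to wire into cron or a monitoring check.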
