Ksplice allows server administrators to apply security patches to the Linux kernel without rebooting the system. Ksplice takes as input a source code change in unified diff format and applies it to the corresponding running kernel. The running kernel does not need to be prepared in advance in any way.
To be specific, the design of Ksplice is limited to patches that do not introduce semantic changes to data structures, but most security patches do not make such changes.
A test with Linux kernel security patches from May 2005 through December 2007 found that Ksplice could automatically apply 84% of them.
Design Features
- Works with most existing Linux 2.6.x kernel versions (no advance preparation or modifications required)
- Works with most existing kernel configurations (works best with CONFIG_KALLSYMS, but Ksplice can apply many patches without this option)
- Can handle patches to kernel modules and kernel assembly code
- Can handle patches containing symbols that are not in the kernel symbol table (symbols can be discovered from running code)
- Works best if provided with the exact compiler and linker used to compile the original kernel (when the original toolchain is not available, Ksplice will protect against differences in behavior between the original toolchain and the toolchain used to create the update, and will abort the upgrade if necessary)