Live Kernel Patching System

Live Kernel Patching System This is partially a plug for a friend of mine, but its also a really cool system that I think some of you might like. Ksplice is system for automatically patching a Linux kernel without reboots. Jeff Arnold 07, MEng 08 developed this as his masters thesis, and today released the system to the Linux Kernel Mailing List (LKML). Ksplice requires nothing more than the currently running kernel source and the configuration settings, combined with a patch to the source code, to generate a kernel module which, when loaded, can be used to immediately patch vulnerabilities or introduce new behavior. As a maintainer of linux.mit.edu, the SIPB Linux dialup server, Jeff has in the past used Ksplice to keep this server up, which many people on campus rely on. This really has the potential to revolutionize systems administration for high-reliability systems. Butdont take it from me. Take it from Ted Tso 90. Ted is an active kernel hacker who, among other things, developed the ext2 filesystem, the basis for the ext3 filesystem, which is one of the major filesystems used on Linux today. Heres what Ted says in ZDNets article: Top kernel developer and Linux Foundation fellow Ted Ts’o said the Ksplice software is much needed by telecommunications providers and anyone who hates downtime. “It allows you to hot patch the Linux kernel with a security update without rebooting the computer. It’s a binary patch capability that is highly automated,” said Ts’o. “Users in the carrier grade linux space have been clamoring for this for a while. If you are a carrier in telephony and don’t want downtime, this stuff is pure gold.” The best part? It doesn’t require any kernel modifications, Ts’o said. (Heres the LKML posting: http://permalink.gmane.org/gmane.linux.kernel/669951)