Ksplice for Linux

Post by chandranjoy » Sat Jan 29, 2011 6:12 pm

What is Ksplice Uptrack?
Ksplice Uptrack is a subscription service that lets you apply 100% of the important kernel security updates released by your Linux vendor without rebooting.

Design
Ksplice can apply patches to the Linux kernel without rebooting the computer. Ksplice takes as input a unified diff and the original kernel source code, and it updates the running kernel in memory. Using Ksplice does not require any preparation before the system is originally booted (the running kernel does not need to have been specially compiled, for example). In order to generate an update, Ksplice must determine what code within the kernel has been changed by the source code patch. Ksplice performs this analysis at the ELF object code layer, rather than at the C source code layer.
To apply a patch, Ksplice first freezes execution of a computer so it is the only program running. The system verifies that no processors were in the middle of executing functions that will be modified by the patch. Ksplice modifies the beginning of changed functions so that they instead point to new, updated versions of those functions, and modifies data and structures in memory that need to be changed. Finally, Ksplice resumes each processor running where it left off.
To be fully automatic, Ksplice's design was originally limited to patches that did not introduce semantic changes to data structures, since most Linux kernel security patches do not make these kinds of changes. An evaluation against Linux kernel security patches from May 2005 to May 2008 found that Ksplice was able to apply all of the 64 significant kernel vulnerabilities discovered in that interval. For patches that do introduce semantic changes to data structures, Ksplice requires a programmer to write a short amount of additional code to help apply the patch. This was necessary for 12% of the updates in that time period.

Service
The Ksplice company offers hot updates for the Red Hat, CentOS, Debian, Ubuntu, Fedora, and CloudLinux distributions of Linux using the Ksplice technology. The virtualization technologies OpenVZ and Virtuozzo are also supported.

Ksplice - FAQ

http://www.ksplice.com/uptrack/faq

Ksplice - Guide
http://www.ksplice.com/doc/ksplice.pdf

Njoy :)
chandranjoy
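
Added example, not part of the original post and not Ksplice's own code: a small user-space C model of the safety check from the Design section, where the update is refused if any frozen thread is still inside a function that will be replaced, and otherwise every old entry point is redirected. The struct names, the addresses and the use of stack-recorded code addresses to decide "in the middle of executing" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not Ksplice source: one function the update replaces. */
struct patched_fn {
    uintptr_t start, end;   /* old code occupies [start, end) */
    uintptr_t replacement;  /* entry point of the updated version */
    int redirected;         /* 1 once the old entry jumps to replacement */
};
/* Code addresses found on one frozen thread's stack. */
struct thread_snapshot { const uintptr_t *addrs; size_t n; };

/* Index of the first thread executing inside a replaced function, or -1. */
int find_conflict(const struct thread_snapshot *t, size_t nt,
                  const struct patched_fn *f, size_t nf)
{
    for (size_t i = 0; i < nt; i++)
        for (size_t j = 0; j < t[i].n; j++)
            for (size_t k = 0; k < nf; k++)
                if (t[i].addrs[j] >= f[k].start && t[i].addrs[j] < f[k].end)
                    return (int)i;
    return -1;
}

/* All-or-nothing apply while execution is frozen: 1 on success, 0 if unsafe. */
int try_apply(const struct thread_snapshot *t, size_t nt,
              struct patched_fn *f, size_t nf)
{
    if (find_conflict(t, nt, f, nf) != -1)
        return 0;                  /* a thread is mid-function: change nothing */
    for (size_t k = 0; k < nf; k++)
        f[k].redirected = 1;       /* models the jump written at the old entry */
    return 1;
}

/* Constructed scenario: thread 1 is inside the old function on the first try. */
int demo(void)
{
    struct patched_fn f[] = { { 0x1000, 0x1080, 0x9000, 0 } };
    const uintptr_t idle[] = { 0x4000 }, busy[] = { 0x5000, 0x1040 };
    struct thread_snapshot first[] = { { idle, 1 }, { busy, 2 } };
    struct thread_snapshot later[] = { { idle, 1 }, { idle, 1 } };
    int refused = try_apply(first, 2, f, 1) == 0 && f[0].redirected == 0;
    int applied = try_apply(later, 2, f, 1) == 1 && f[0].redirected == 1;
    return refused && applied;     /* 1 when both steps behave as described */
}

int main(void) { return demo() ? 0 : 1; }
```

The refusal path matters operationally: a security fix that cannot be applied because a thread is parked inside the affected function leaves the host on the old code, so the result of each apply attempt should be checked rather than assumed.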