LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ksplice: kernel patches without reboots

Ksplice: kernel patches without reboots

Posted Apr 30, 2008 10:00 UTC (Wed) by dambacher (subscriber, #1710)
Parent article: Ksplice: kernel patches without reboots 

what if someone provides a patch to silently _include_ a security hole? 
How can a sysadmin make sure his kernel won't be patched that way?

(Log in to post comments)

Ksplice: kernel patches without reboots

Posted Apr 30, 2008 11:16 UTC (Wed) by nowster (subscriber, #67) [Link] 

The black hats have already done this. Modules that patch the kernel have been part of
rootkits for a while.

Ksplice: kernel patches without reboots

Posted Apr 30, 2008 12:24 UTC (Wed) by nix (subscriber, #2304) [Link] 

Don't allow module loading and remove CAP_SYS_RAWIO from the capability bounding set so that
use of /dev/mem, /dev/kmem et al is barred.

(Of course this stops you using ksplice, systemtap et al as well.)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds