Maximum uptime 497 days?
Craig Boston
craig at meoqu.gank.org
Wed Jun 30 11:04:16 PDT 2004
On Wednesday 30 June 2004 12:52 pm, Skylar Thompson wrote:
> A lot of security holes can be patched without rebooting. In general, only
> kernel updates strictly require a reboot. There have been a few kernel
> security vulnerabilities released in the past couple years, but a lot of
> them are for DoS attacks, not privelege escelation.
Also, _in theory_, even many kernel bugs can be patched without rebooting.
A kernel module can bypass an affected function, for example by replacing
syscall table entries. It takes a lot of work and knowledge of the guts of
the kernel, but it is possible.
I've never done this myself but have seen it used in environments such as
massive virtual hosting (we may be talking about hundreds of potentially
affected servers, each with dozens of users), where a reboot is costly and
painful.
Craig
More information about the freebsd-stable
mailing list