KSplice in Fedora?

Bill McGonigle bill at bfccomputing.com
Wed Jul 1 16:44:45 UTC 2009


On 06/30/2009 01:20 PM, Jochen Schmitt wrote:
> Am 30.06.2009 19:04, schrieb Bill McGonigle:
>> > ksplice updates are only available for:
>> >
>> > 1. kernels that have been the lastest kernel in the past two weeks
>> > 2. kernel updates that are remotely exploitable
>> > 3. kernel updates that rate 'high' on CVSS
>> >
>> > I'd have to do more research to be sure, but just guessing this feels
>> > like 0-4 candidates per Fedora release cycle.
> Please keep in mind, that you can't handle a kernel update, if globlal
> structure was changed.

Jon says this isn't so (BTW, Jon, thanks for the very informative post
if you're reading this).  But most kernel security updates don't do this
anyway, to the best of my knowledge.  They're fixing a buffer check,
adding an extra if to validate an assumption, etc.

> Because Fedora has several kernel update in the
> lifetime, you have to create a ksplice kernelpatch for each kernel release
> which is available on Fedora.

Since you quoted my post with criteria to avoid this, I have to assume
I'm missing your point here.  Could you clarify?

-Bill

-- 
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
http://www.bfccomputing.com/    Cell: 603.252.2606
Twitter, etc.: bill_mcgonigle   Page: 603.442.1833
Email, IM, VOIP: bill at bfccomputing.com
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf




More information about the devel mailing list