Applying updates to an active kernel with Ksplice
The current 0.8.6 version is available as a tarball with prebuilt binaries or as a source code archive under the GPLv2. Distribution packages do not exist as of this writing. If you build the tool from the source code, you will also need the BFD library, which you can retrieve on Debian or a derivative such as Ubuntu with the following command:
sudo aptitude install binutils-dev
Prominent developers, including Andi Kleen, have proposed adding Ksplice to the official kernel as an upstream extension. Kleen hopes this step would mean permanent support for the project, which would, in the long term, lead to an incremental compiler . This would remove the need for developers to completely rebuild the kernel to test and modify patches.
The program itself consists of four Perl scripts that call a number of tools written in C to analyze the object code. ksplice-create only needs a path to the directory with the running kernel and details of the patch. One practical feature is that the administrator can specify a change in diff format with the --patch option or specify a file with the --diffext option in which the changes have already been completed. On top of this, the program needs a ksplice subdirectory in the kernel tree, where the administrator stores both the kernel configuration and the symbol table (see Figure 3).
Depending on what kind of system you are using, the first phase can take a while because Ksplice needs to build two complete kernels: one in ksplice/pre and one in ksplice/post. After doing so, the program searches for differences and merges the results to create two kernel modules.
By calling ksplice-apply, you can apply the hotfix. The program first loads a module that takes care of trampoline management, then waits for the right moment. When the moment occurs, Ksplice loads the changes into the kernel, executes them, then removes itself to save memory.
Ksplice can also change a patched kernel. To do so, the patches from the first phase must reside in the source code's pre tree. ksplice-create and ksplice-apply take the trampolines into consideration and modify them correspondingly. The same mechanism makes it possible to undo changes by calling ksplice-undo because the system "remembers" the vector addresses. ksplice-view shows the changes performed by Ksplice.
On his website, Ksplice author Jeffrey Brian Arnold shows another potential application scenario for the tool: debugging the active kernel. If you just want to add a couple of printk() calls at various points to view data structures that are otherwise difficult to access, Ksplice gives you a simple approach to injecting them into a running system. However, this approach does not lend itself to more complex applications, for which dynamically loadable modules, Kprobes, or Systemtap are more useful.
Developers have pointed out that Microsoft posted a patent application with the US Patent Office (USPO) in December 2002 titled "Patching of In-Use Functions on a Running Computer System." USPO had refused the application, and Microsoft had appealed and posted a whole bunch of additional applications, including one for Efficient Patching (USPO reference 20050257208).
In response to this, half a dozen developers piped up in various forums pointing out that this technology was public knowledge on various platforms from PDP-11 through a state-of-the-art PC long before the software patent application was filed.
Buy this article as PDF
Report from the X-Force group says attackers are using TOR to hide their crimes
Future Firefox extensions will be compatible with Chrome.
Better read this if you bought your computer before 2011
Users should upgrade to the new version as soon as possible
Xen project announces a privilege escalation problem for Qemu host systems
Attackers can compromise an Android phone just by sending a text message
PC vendor will pre-install Ubuntu on portables in India.
More embarrassment for Adobe's embattled multimedia tool
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.