oss-security - Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@...g vs. linux-distros@

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Tue, 29 Aug 2023 10:46:09 +0200 (CEST)
From: Miroslav Benes <mbenes@...e.cz>
To: Donald Buczek <buczek@...gen.mpg.de>
cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com, 
    Vegard Nossum <vegard.nossum@...cle.com>, Jiri Kosina <jkosina@...e.cz>, 
    ksummit@...ts.linux.dev
Subject: Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues
 -- security@...g vs. linux-distros@

[ apologies for a slight off topic ]

Hi,

On Fri, 25 Aug 2023, Donald Buczek wrote:

> We go a long way to avoid rebooting. This might be as easy as disabling 
> unused dynamic modules by just removing the .ko files from userspace, 
> but sometimes we even convert an upstream fix into a loadable module 
> which uses ftrace to replace or wrap the buggy functions in the running 
> systems. A "reboot party" would only be a measure of last resort.

the kernel live patching infrastructure might help you with this. See 
Documentation/livepatch/ and samples/livepatch/ in the kernel tree.

Regards,
Miroslav

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.