Ksplice, an open source project from the Massachusetts Institute of Technology (MIT), is working to automate the process of applying security patches to the Linux kernel without rebooting, and it is getting noticed by the Linux Foundation.
"It allows you to hot patch the Linux kernel with a security update without rebooting the computer. It's a binary patch capability that is highly automated," kernel developer and Linux Foundation fellow Ted Ts'o said.
"Users in the carrier-grade Linux space have been clamouring for this for a while. If you are a carrier in telephony and don't want downtime, this stuff is pure gold," he said.
Ksplice was tested against Linux security patches from May of 2005 to December of 2007 and automatically (and successfully) patched 84 percent of 50 "significant kernel vulnerabilities" in that timeframe. Ksplice can handle many security updates but not changes to data structures, the report notes.
It is available under GPL 2 and has been tested on Linux kernel versions from 2.6.8 to the recently released 2.6.25 and on several Linux distributions including Debian, Ubuntu, Red Hat Enterprise Linux and Gentoo, Arnold writes.
Ksplice developer and MIT graduate student Jeffrey Brian Arnold notes that the software is still in test mode and can cause problems. He also acknowledges that Ksplice could theoretically help "bad guys" introduce bad code into the kernel but maintains those folks already have the tools to do harm.
However, there are no commercial plans at the moment from the Ksplice developers and the software is currently available to the public for free.