Ksplice: kernel patches without reboots
The kernel developers are generally quite good about responding to security problems. Once a vulnerability in the kernel has been found, a patch comes out in short order; system administrators can then apply the patch (or get a patched kernel from their distributor), reboot the system, and get on with life knowing that the vulnerability has been fixed. It is a system which works pretty well.
One little problem remains, though: rebooting the system is a pain. At a minimum, it requires a few minutes of down time. With ksplice, system administrators can have the best of both worlds: security fixes without unsightly reboots.
[ Read more ]