On Fri, Nov 10, 2017 at 8:30 AM, Lev Olshvang <levonshe@xxxxxxxxxx> wrote: > ... > Besides to be security hole, I do not see any legitimate use except of live patching of shared object. > I do not know whether production or mission critical system may take a risk of live patching, but development system > would do a library update by stopping dependent application first. Somewhat off-topic, but it may give some perspective... Microsoft offers hot patching to avoid reboots and downtime. If I recall correctly, some function calls are padded with no-ops so a jump can be written in its place. I think the Microsoft technology to do it is called the Detours library. Its a neat library even when detached from the hot patching use case. I used it several years ago to test DLL injections and spinning up malicious threads to egress data. Also see https://www.microsoft.com/en-us/research/project/detours/. Jeff _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
