“The kernel developers are generally quite good about responding
to security problems. Once a vulnerability in the kernel has been
found, a patch comes out in short order; system administrators can
then apply the patch (or get a patched kernel from their
distributor), reboot the system, and get on with life knowing that
the vulnerability has been fixed. It is a system which works pretty
well.“One little problem remains, though: rebooting the system is a
pain. At a minimum, it requires a few minutes of down time…”
Related Story:
Ksplice
Automates Hot Patching Linux Kernel with No Reboot Needed(Apr
25, 2008)