[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Linux kernel vulnerability

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Linux kernel vulnerability
From: Tristan <supersluether@xxxxxxxxx>
Date: Sun, 23 Oct 2016 22:12:49 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 23 Oct 2016 23:13:05 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=yvQI1farOXBHhQWTwHwtNIKtJIb7A9WeS+RRQfK/U+Y=; b=obxW83nGKpbIOBreuSDXxvWMK0ZDdqe02Sy322DhzrQTSn+82J9birf1NDRq0IaRVO /EcioUz7OyjsFfpidOep7PFs/B+Sh4goPAkpxjlH/TwU5F0BtCHZxwjKcO+wULAQSvVs Z0iZvDDuLKUYgKIF0ZEMMRbVDZvMKGkyZZxhVlQTaEm15fuJT/JF1vQqmZfmOgceHJlN lxy2ubxYrHn3B9cmNMKr4+q8fDMtzjBp5Xbq/8f4N9QROEvwv4AfC6oyDzTJMopiYXNS sKjIn3PHPOX5kV6/G5+n+pe/vFqDgLUkHdoQfxFsXBW17PwSaTjFvpxkMIyn8+1Fz71n fzTw==
In-reply-to: <6A387990-57D8-48C3-9BFF-84BBDB14CB30@posteo.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <9BDA1E11407.000003C8beatthebastards@inbox.com> <4956fb9d-29e2-15d0-6ddf-d3f5286bf45b@riseup.net> <CAKkV4FG+0UNgQOOiREUfXxfXJpMKT0uuJFcEj-wsqF_MFVZicw@mail.gmail.com> <2c812ecb-95cf-dceb-69db-ae0dc03adfc7@riseup.net> <7b29011c-aabe-4b91-b92e-c37dbc64a1ce@openmailbox.org> <CAE0YhAmk5G2dmYpvniPyLMkBVR09jL1Len2HRtk+9BkMyLm5VA@mail.gmail.com> <6A387990-57D8-48C3-9BFF-84BBDB14CB30@posteo.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Rebooting also makes sure updates are applied correctly. If a shared library updates, the old version is still in use until whatever program using it stops, and the new version is loaded on the next run.

On Oct 23, 2016 10:07 PM, "Duncan Guthrie" <dguthrie@xxxxxxxxxx> wrote:

Hi folks,

I think this is a very extreme and unnecessary solution. While it is good to keep relays up, this may be unreliable. It is good to perform maintenance regularly, and reboots are often best.
Also, it appears to be proprietary technology. I would not advise proprietary technology on a Tor relay as it opens up a whole other can of worms, who controls the software etc.
Can people really not afford to reboot once a month or similar? Uptime is good but the only reliable way to apply kernel updates has always been reboots. Restarting also can apply updates to certain system services as well, if I am correct.

-- D
On 23 October 2016 09:42:38 BST, Jonathan Baker-Bates <jonathan@xxxxxxxxxxxxxx> wrote:
I know some people using this for applying kernel updates without rebooting, but don't know how good it is:

https://www.cloudlinux.com/all-products/product-overview/kernelcare

On 23 October 2016 at 09:16, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
> Second, you will reduce the uptime and stability of
> your relay, thus it will lose consensus weight if you reboot the machine
> once a day.

Unattended-Upgrade::Automatic-Reboot "true";

Does not reboot your machine "once a day", it reboots when a new kernel
requires a reboot. Which on Debian stable / Ubuntu LTS is far from being
a daily event.
And the frequency of reboots actually should not differ compared to
manual reboots.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxg
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Linux kernel vulnerability
  - From: I
- Re: [tor-relays] Linux kernel vulnerability
  - From: Petrusko
- Re: [tor-relays] Linux kernel vulnerability
  - From: Tristan
- Re: [tor-relays] Linux kernel vulnerability
  - From: Jesse V
- Re: [tor-relays] Linux kernel vulnerability
  - From: nusenu
- Re: [tor-relays] Linux kernel vulnerability
  - From: Jonathan Baker-Bates
- Re: [tor-relays] Linux kernel vulnerability
  - From: Duncan Guthrie

Prev by Author: Re: [tor-relays] Recommendation for DUMB COMPUTING devices for Tor Relays
Next by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
Previous by thread: Re: [tor-relays] Linux kernel vulnerability
Next by thread: Re: [tor-relays] Linux kernel vulnerability
Index(es):
- Author
- Thread