Am Donnerstag, 23. Februar 2017, 13:46:51 CET schrieb Ruediger Meier:
> On Thursday 23 February 2017, Carlos E. R. wrote:
> > What worries me is that we got 2 kernel updates in a month. Several
> > updates this month that require a reboot (systemd, apparmor...). Not
> > good for server uptime.
> You DO NOT NEED to reboot after kernel update. Nowadays the old kernel
> should be still installed in parallel so module loading still works
> without reboot.

Yes, you can always choose to ignore a security update - but that means 
that you stay vulnerable. Given that, I prefer a secure system over a 
big uptime ;-)

> You SHOULD reboot as soon as possible if the kernel update fixes
> security bugs _and_ if you have local users which you can't trust. For
> example if you run 100 workstations with 1000 users.

"Local" users is relative ;-)

For example, if you run a webserver, and one of the pages allows remote 
code execution [1], a local root exploit can easily become a remote root 
exploit via that exploitable page.


Christian Boltz

[1] Are you 100% sure _all_ webhosting customers always run the latest 
    version of Wordpress, Typo3, Joomla, $whatever, and instantly 
    upgrade when a security update gets released?
    If so, please tell me where I can find such customers ;-)

Es könnte zum Beispiel sein, daß Du inzwischen besser bist als
95% der anderen Teilnehmer hier. Das ist für mindestens 45% der
Leute, die das von sich glauben jedoch nicht der Fall. :-)
[Kristian Koehntopp in suse-linux]

Evergreen mailing list

Reply via email to