Re: [tor-relays] Linux kernel vulnerability

2016-10-23 Thread Tristan
Rebooting also makes sure updates are applied correctly. If a shared library updates, the old version is still in use until whatever program using it stops, and the new version is loaded on the next run. On Oct 23, 2016 10:07 PM, "Duncan Guthrie" wrote: > Hi folks, > > I

Re: [tor-relays] Linux kernel vulnerability

2016-10-23 Thread Duncan Guthrie
Hi folks, I think this is a very extreme and unnecessary solution. While it is good to keep relays up, this may be unreliable. It is good to perform maintenance regularly, and reboots are often best. Also, it appears to be proprietary technology. I would not advise proprietary technology on a

Re: [tor-relays] Linux kernel vulnerability

2016-10-23 Thread nusenu
> Would it be acceptable to configure unattended-upgrades to automatically > reboot the system when required? I already have it configured to check for > and install all updates to Ubuntu and Tor once a day, but I still need to > manually reboot to apply kernel upgrades. I think

Re: [tor-relays] Linux kernel vulnerability

2016-10-23 Thread Petrusko
I don't know if it's possible to load a new kernel without rebooting... But I think people who doesn't want to reboot because feared of a bad reboot, loose SSH or anything else... If OS's teams are updating a system for security, I prefer a bad reboot (backups are done before!) than a system with

Re: [tor-relays] Linux kernel vulnerability

2016-10-22 Thread Tristan
Hate to tell you this, but both problems are still a reality whether the machine reboots automatically or not. If I manually reboot for a kernel update that breaks network access, I still won't have SSH. And if I reboot manually after every kernel update, my stability will still suffer. On Oct

Re: [tor-relays] Linux kernel vulnerability

2016-10-22 Thread Jesse V
On 10/22/2016 08:02 PM, Tristan wrote: > Would it be acceptable to configure unattended-upgrades to automatically > reboot the system when required? I already have it configured to check > for and install all updates to Ubuntu and Tor once a day, but I still > need to manually reboot to apply

Re: [tor-relays] Linux kernel vulnerability

2016-10-22 Thread Jason Jung
I don't think it would be a terrible idea but it is always possible that your server will fail to reboot after a kernel upgrade. This leaves it offline without a general idea of why it is offline. I do use unattended-upgrades to automatically restart most services though. On Sat, Oct 22, 2016

Re: [tor-relays] Linux kernel vulnerability

2016-10-22 Thread Tristan
Would it be acceptable to configure unattended-upgrades to automatically reboot the system when required? I already have it configured to check for and install all updates to Ubuntu and Tor once a day, but I still need to manually reboot to apply kernel upgrades. On Sat, Oct 22, 2016 at 6:26 PM,

Re: [tor-relays] Linux kernel vulnerability

2016-10-22 Thread Petrusko
https://security-tracker.debian.org/tracker/CVE-2016-5195 Remember, to know your current debian linux kernel : uname -a If your kernel is not up to date : apt-get update && apt-get dist-upgrade && reboot I : > Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the > Linux

Re: [tor-relays] Linux kernel vulnerability

2016-10-21 Thread Jesse V
On 10/21/2016 06:23 PM, Tristan wrote: > And? > > Honestly, the way people create names and websites for these things, > you'd think it's a fund-raiser for something, not a critical security bug. Tristan, they know this. They are even good-natured enough to make fun of it themselves. From

Re: [tor-relays] Linux kernel vulnerability

2016-10-21 Thread Nenad Marjanovic
Test, not working on my side. Some demos on your side? Le 22/10/2016 à 00:22, I a écrit : > Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the > Linux Kernel > > http://dirtycow.ninja/ > > > ___ > tor-relays mailing list >

Re: [tor-relays] Linux kernel vulnerability

2016-10-21 Thread Tristan
And? Honestly, the way people create names and websites for these things, you'd think it's a fund-raiser for something, not a critical security bug. On Fri, Oct 21, 2016 at 5:22 PM, I wrote: > Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the >

[tor-relays] Linux kernel vulnerability

2016-10-21 Thread I
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel http://dirtycow.ninja/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays