This would be nice if exploitable vulnerabilities were actually labeled as such. Back in the real world however...
If they do actually include all the updates the vendor would normally provide, it follows that they're also playing along with whatever embargoes the vendors have in place. So the shortened vulnerability window in those cases only applies to those who wait to install updates because they don't want to reboot their machine so often. Actually, I wonder how the embargo issue will play out, since much of the reason why distros combine many fixes into one update is purely because of the reboot requirement. If every distro moved to this technology, would embargoes be done away with?
Even though this seems like it would increase the risk of silently fixed vulnerabilities, in general it will improve security for those with the 'patch what they tell me to, and I'm safe' mentality. There are currently far too many people running incredibly outdated kernels simply because rebooting for the handful of vulnerabilities cropping up each week is far too disruptive.
Posted Jul 10, 2009 19:19 UTC (Fri) by spender (subscriber, #23067)
On the other hand, imagining the scenario where all vendors are using this style of updates, it might have the effect of removing the incentive for developers to silently fix vulnerabilities in the kernel. Then if they could just hire some real security experts to properly identify and classify vulnerabilities, Linux would have a real improvement in kernel security.
-Brad
Ksplice provides updates without reboots
Posted Jul 11, 2009 10:13 UTC (Sat) by nix (subscriber, #2304)
Nice idea, but if they did hire real security experts, I suspect that said experts would much rather spend time on interesting things such as better security frameworks rather than the incredibly dull gruntwork of poring through an ocean looking for sunken turds. And the ocean is always growing far faster than any plausible population of security experts hireable by one organization can possibly audit them.

It would be very dispiriting for the poor sods so hired: and the net effect? Sure, security would go up --- but from the point of view of the alien beings who work the money levers, they'd be paying money to get back reports of bad security, upgrade hassle for their customers, and bad PR whenever MS decides to do one of their fallacious 'count the CVE' Windows-has-better-security PR pushes, but the number of vulnerabilities probably wouldn't fall all that far, because new code is still arriving far faster than it could be audited.

Worse yet: a huge amount of security-dangerous stuff isn't in the kernel at all, but in higher parts of the stack which talk to the network. I'm certain you couldn't hire enough security experts to audit Firefox and everything underneath it, and as long as that remains problematic attackers will still be able to run arbitrary code with the privileges of a user. (And, TBH, that's all they really care about. They can keysniff your browser and send their spam without grabbing root...)

But perhaps I'm being too cynical. At least the common core of the kernel that everyone runs (mm, fs) could probably be kept somewhat more hole-free than other parts, as it doesn't change all that fast. But I look at other operating systems, run by people who *do* hire security experts, and I look at their security records, largely as lamentable as ours, largely in userspace, and I wonder if it would really help.
Not cynical enough
Posted Jul 14, 2009 20:19 UTC (Tue) by man_ls (subscriber, #15091)
No way! In the real world, spender will get hired as the kernel security expert; he will bravely go over every kernel fix and find the vulnerability lying within, reveal it with great fanfare and excruciating detail, and use the assigned CVE to properly label the upgrade. Inane DoS attacks will be largely a thing of the past. After all this work every kernel version will carry with it some 2870 "OH NOES PLEASE UPGRADE" warning labels, and with it a heightened sense of warm protection for every user. Not to speak about stable releases -- these will come with a few dozen "OH NOES PLEASE PLEASE UPGRADE" warnings.
In a few iterations security will improve so much that Linux will be suitable for end users and the Year of the Linux Desktop will finally arrive.