[tor-relays] Linux kernel vulnerability

Jesse V kernelcorn at torproject.org
Sun Oct 23 01:25:13 UTC 2016


On 10/22/2016 08:02 PM, Tristan wrote:
> Would it be acceptable to configure unattended-upgrades to automatically
> reboot the system when required? I already have it configured to check
> for and install all updates to Ubuntu and Tor once a day, but I still
> need to manually reboot to apply kernel upgrades.

This is not a good idea. For one, the new kernel could break your
network connection, which happened to me this morning after I rebooted a
personal machine. Second, you will reduce the uptime and stability of
your relay, thus it will lose consensus weight if you reboot the machine
once a day.

You also need to be careful with automatically installing updates in a
production environment, as one of them could break something and it
would be some time before you noticed. I prefer to review the updates
before I install them and watch the apt-get log in case there are any
issues. Debian systems may even show you the changelogs. If an update
breaks SSH for whatever reason, at least I'm logged on and can fix it.
It would be difficult to fix if the update happened automatically.

Some downsides are documented here:
https://wiki.ubuntu.com/AutomaticUpdates and elsewhere online.

-- 
Jesse
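
The manual-reboot workflow discussed in this thread can be backed by a check that reports a pending reboot and leaves the reboot itself to the operator. This is an added example, not code from either poster: it assumes the `/var/run/reboot-required` and `/var/run/reboot-required.pkgs` flag files that Ubuntu and Debian package scripts write, and the root-prefix argument is a hypothetical parameter so the functions can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: report a pending reboot, never perform it.
# The optional first argument is a hypothetical root prefix (default: /).

# Exit 0 if the reboot-required flag file is present under the given root.
reboot_pending() {
    [ -e "${1:-}/var/run/reboot-required" ]
}

# Exit 0 if a kernel image package is among those that requested the reboot.
kernel_update_pending() {
    pkgs="${1:-}/var/run/reboot-required.pkgs"
    [ -r "$pkgs" ] && grep -q '^linux-image' "$pkgs"
}

# Print a short report for the operator. Exit 1 when a reboot is pending so
# that cron or a monitoring check can alert on the exit status.
reboot_report() {
    root="${1:-}"
    if ! reboot_pending "$root"; then
        echo "status: no reboot pending"
        return 0
    fi
    if kernel_update_pending "$root"; then
        echo "status: reboot pending (kernel update installed, not yet running)"
    else
        echo "status: reboot pending (non-kernel packages)"
    fi
    list="$root/var/run/reboot-required.pkgs"
    if [ -r "$list" ]; then
        sort -u "$list" | sed 's/^/  requested by: /'
    fi
    echo "running kernel: $(uname -r)"
    return 1
}

# Report on the live system (or on the root given as $1) when run directly.
reboot_report "${1:-}" || true
```

Run from cron with the output mailed to the operator, this keeps the decision of when to restart the relay with a person who is logged in and watching.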
