[tor-relays] Linux kernel vulnerability

Tristan supersluether at gmail.com
Sun Oct 23 01:45:27 UTC 2016


Hate to tell you this, but both problems are still a reality whether the
machine reboots automatically or not. If I manually reboot for a kernel
update that breaks network access, I still won't have SSH. And if I reboot
manually after every kernel update, my stability will still suffer.

On Oct 22, 2016 8:26 PM, "Jesse V" <kernelcorn at torproject.org> wrote:

> On 10/22/2016 08:02 PM, Tristan wrote:
> > Would it be acceptable to configure unattended-upgrades to automatically
> > reboot the system when required? I already have it configured to check
> > for and install all updates to Ubuntu and Tor once a day, but I still
> > need to manually reboot to apply kernel upgrades.
>
> This is not a good idea. For one, the new kernel could break your
> network connection, which happened to me this morning after I rebooted a
> personal machine. Second, you will reduce the uptime and stability of
> your relay, thus it will lose consensus weight if you reboot the machine
> once a day.
>
> You also need to be careful with automatically installing updates in a
> production environment, as one of them could break something and it
> would be some time before you noticed. I prefer to review the updates
> before I install them and watch the apt-get log in case there are any
> issues. Debian systems may even show you the changelogs. If an update
> breaks SSH for whatever reason, at least I'm logged on and can fix it.
> It would be difficult to fix if the update happened automatically.
>
> Some downsides are documented here:
> https://wiki.ubuntu.com/AutomaticUpdates and elsewhere online.
>
> --
> Jesse