From: Matt Thode
To: gentoo-server@lists.gentoo.org
Subject: Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories
Date: Tue, 18 Oct 2011 01:06:21 -0500
Message-Id: <3704ECE9-2D31-4A40-92F7-23EA59A69ABB@mthode.org>
In-Reply-To: <4E9D0AD0.4010105@smash-net.org>

I'd love to be able to kexec/kspliced from a xen host.

On Oct 18, 2011, at 12:12 AM, Norman Rieß wrote:

> On 10/17/11 20:06, Pandu Poluan wrote:
>>
>> On Oct 17, 2011 6:44 PM, "Norman Rieß" wrote:
>>>
>>> Hello,
>>>
>>> sorry to interrupt this thread, but this probably means, you did not
>>> perform any kernel updates on that machine for over two years and
>>> therefore the system is vulnerable to some kernel bugs which were
>>> discovered during this time. On a DNS machine a privilege escalation bug
>>> is even more severe. I strongly recommend to secure this machine.
>>
>> That depends on what Kai meant with "uptime". Maybe he meant the VMs
>> (he's using Xen, after all) never need a restart, but the BIND service
>> still gets regular updates and the consequent service-restart.
>>
>
> Every Xen VM is running its own kernel and needs to be restarted or
> kexec'ed when this kernel is updated. If this is not the case, the VM is
> vulnerable to kernel bugs just as any other physical system, even if the
> host on which the VM is running is secure.
> I assume BIND is updated and restarted as needed, but that is not enough.
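
One way to check a guest for the condition discussed in this thread (a kernel that was updated on disk but never booted), as an added example that is not part of the original messages. It assumes installed kernels have a module tree under /lib/modules and that `sort -V` (GNU coreutils) is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag a guest whose running kernel is older than the newest
# kernel installed on disk (updated, but never rebooted or kexec'ed).

# Print the newest kernel release that has a module tree under $1.
# Assumption: every installed kernel has a directory in /lib/modules.
newest_installed_kernel() {
    moddir=${1:-/lib/modules}
    for d in "$moddir"/*/; do
        [ -d "$d" ] && basename "$d"
    done | sort -V | tail -n 1
}

# kernel_is_stale RUNNING [MODDIR]
# 0 = a newer kernel is installed than the one running
# 1 = the running kernel is the newest installed (or newer than any on disk)
# 2 = no installed kernel found to compare against
kernel_is_stale() {
    running=$1
    newest=$(newest_installed_kernel "$2")
    [ -n "$newest" ] || return 2
    [ "$newest" = "$running" ] && return 1
    last=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
    [ "$last" = "$newest" ]
}

# Print a one-line verdict for this machine (or for the given release/dir).
report() {
    running=${1:-$(uname -r)}
    rc=0
    kernel_is_stale "$running" "$2" || rc=$?
    case $rc in
        0) echo "STALE: running $running, newest installed $(newest_installed_kernel "$2")" ;;
        1) echo "OK: running $running is the newest installed kernel" ;;
        *) echo "UNKNOWN: no installed kernels found to compare with $running" ;;
    esac
}

report "$@"
```

Run inside each guest, not only on the Xen host, since every guest boots its own kernel. A rebuild that keeps the same release string is not detected by this comparison.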