updating the Linux kernel (was: Please help me unsubscribe)

[gsl at linuxcolombia.com.co]

Guess that doing it node by node its better.. but what i think its better
its applyng the patch and renicing some jobs that eat the machine, or
replacing jobs from computer to another one up and free from load...

thats what i think, maybe im wrong..

GERARDO


On Fri, 9 Jun 2000, Martin Siegert wrote:

> After all that talk about the quality of IBM products I'd like to get
> back to more beowulf like stuff:
> 
> Yesterday a bug was found (or made public on bugtraq) in the Linux
> kernel (in all 2.2 versions up to and including 2.2.15) that allows
> local users to gain root.
> 
> highly recommended remedy: upgrade to 2.2.16
> 
> My question now is how do you handle such an issue?
> Our beowulf is fully loaded with jobs.
> Some of these jobs run for about 30 days.
> Upgrading the kernel means killing those jobs ... and gives you some
> very unhappy users.
> If the bug would allow a remote root exploit I wouldn't have a choice,
> but to upgrade immediately.
> 
> In this situation:
> (1) do you upgrade immediately?
> (2) do you say "I trust my local users they won't do anything bad"
>     and do nothing?
> (3) do you wait until RedHat comes out with patches?
> (4) something else (e.g., disable logins and upgrade node after node
>     when no jobs are running on them anymore).
> 
> Cheers,
> Martin
> 
> ========================================================================
> Martin Siegert
> Academic Computing Services                        phone: (604) 291-4691
> Simon Fraser University                            fax:   (604) 291-4242
> Burnaby, British Columbia                          email: siegert at sfu.ca
> Canada  V5A 1S6
> ========================================================================
> 
> _______________________________________________
> Beowulf mailing list
> Beowulf at beowulf.org
> http://www.beowulf.org/mailman/listinfo/beowulf
>