savannah-hackers-public

Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org


From: Bernie Innocenti
Subject: Re: [Savannah-hackers-public] Re: [gnu.org #670138] colonialone.fsf.org Dom0 upgrade
Date: Sun, 20 Feb 2011 11:58:24 -0500

On Sun, 2011-02-20 at 12:13 +0100, Sylvain Beucler wrote:

> That would be quite inconvenient.

How about bouncing on fencepost, then?


> This is also an extremely risky way to consider security, because
> AFAICS it makes you think running a 1000-days-old kernel (with at
> least 2 root privilege escalation kernel exploits around) is safe.

It's safe for a machine that is completely firewalled from the public
Internet. The only exploits concerning us are those that would allow
taking over the dom0 from a compromised domU.

(btw, we shouldn't be discussing security on a public list!)


> > As long as we don't make the machine unbootable, we should be able to
> > recover it remotely from the serial console.
> 
> And it's actually the 'make the machine unbootable' case that I want
> to cover :)
> 
> That, and your expertise on possible coreboot-related Xen issues.
> Let us know when you have tested recent Xen some more :)

Ward knows better, but I think we can't do much in coreboot except for
dropping into GRUB. GRUB can also be controlled remotely from the serial
console.

Caveat: if you switch to grub2, there's a chance of making the machine
unbootable. Everything went well when I upgraded lenny to squeeze on our
test Dom0, but I've seen this happen on a VM that was upgraded from
karmic to maverick. The problem was that grub2 couldn't figure out the
boot drive.

Anyway, in the worst possible case, it would take us 1-2 hours to go to
the co-lo and restore it.

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/




