danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Share Next Entry
Secure Boot versus Ksplice.
danwalsh
I have been attending many talks on Secure Boot.  The basic idea behind secure boot is to ensure that the bios/bootloader and kernel have not been hacked.  My understanding of how this is done is everything is signed and verified during the bootup.  Nothing can run in the kernel that was not signed and verified.  

Then we Oracle pushing Ksplice.

I can't help but ask the question?

Is ksplice a security disaster waiting to happen?

Respectfully, Major, the problem with "It worries me because it does complicated things" is that it's a specious argument. It's like saying "I don't use compilers because they do lots of complicated reoptimization and how can I be sure they're correct?" or "I don't use virtualization because it does scary low-level stuff".

That's one of the reasons you have test environments; to kick the tires on things that sound cool that you don't have experience with. (Though you of course don't need me to tell you that.)

> When it comes right down to it, if your environment can't withstand a reboot for security updates occasionally, you're doing it wrong. ;)

Now that I completely agree with. But this isn't at odds with my view. At the end of the day, Ksplice is a tool in your sysadmin toolkit. And in many environments, it makes a lot of sense to use it alongside your other tools.

You *could* reboot your system every month when your Linux vendor releases a new kernel update (and yes, it really is basically once a month). I say, reboot on the schedule you want to reboot -- not the schedule your vendor forces you to. Especially since Ksplice is almost certainly going to let you patch sooner than "schedule some downtime and reboot" would anyway.

- Waseem

(P.S. Totally unrelated: after learning about mysqltuner.pl, I was pleasantly surprised to learn that .sh and .py are also TLDs)

Edited at 2012-03-15 03:41 pm (UTC)

You are viewing danwalsh