On Wed, 21 Jun 2017 08:55:36 -0700 Kilian Cavalotti wrote:
> As far as I understand this, the real fix will be to recompile all of
> your binaries using a properly working implementation of -fstack-check
> in gcc (which doesn't exist yet). So in terms of timeline, that means
> GCC needs to be fixed, system applications need to be recompiled,
> distributions need to repackage and distribute them, and then all the
> userland applications need to be recompiled. It's a multi-year
> process.

It better not take years!

We have some CentOS 6.9 machines. The OS supports gcc 4.4.7. (We have
devtoolset-4 installed to get gcc 5.3.1, because a lot of software will
not build with 4.4.7.) Presumably the gcc developers have pushed this
up to the top of their to-do list and Red Hat will be leaning on them
hard to make patches available for the older compilers in releases RH
still supports (back to RHEL 5?). Red Hat will then have to recompile a
lot of binaries and push those RPMs out, where it will eventually end up
in CentOS.

Let us all hope that nobody figures out how to exploit this issue
remotely before then.

Most end user code would not need to be recompiled, since it does not
run with privileges.

One problem I can easily imagine - a glitch in the automatic yum
installation when it suddenly sees 150 rpm updates. A couple of weeks
back we lost ftp servers because of an rpcbind update; it took hours to
figure that out. Much harder to diagnose and recover when the logs show
that the entire system was just updated. Rolling back that many RPMs is
not something I would want to try on a production system.

Regards,
David Mathog
mat...@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech