On 22/06/17 01:55, Kilian Cavalotti wrote:

> Thanks for starting the discussion here.

Pleasure!

> We're pretty much in the same boat (no changes made yet), as:
> 1. we're still running some RHEL 6.x based clusters, with x < 9,
> meaning no patches for either the kernel or glibc,

Ah yes, that's an interesting situation. We're on RHEL 6.9 for our systems currently and I plan to upgrade a test cluster and see if anything I know how to run breaks.

> 2. those kernel+glibc patches seem to just be "mitigations" and don't
> solve the underlying problem anyway
> (cf. https://access.redhat.com/security/vulnerabilities/stackguard#magicdomid15)

Unfortunately I think you have to rely on those mitigations, as an attacker with local access could just bring on a statically linked executable and you're hosed.

> Oh, and containers...

Yes, a double-edged sword, lots more vulnerable software that will never get an update.. :-/

cheers,
Chris
--
Christopher Samuel Senior Systems Administrator
Melbourne Bioinformatics - The University of Melbourne
Email: sam...@unimelb.edu.au Phone: +61 (0)3 903 55545