Message boards :
News :
CMS Servers up again
Message board moderation
Author | Message |
---|---|
Send message Joined: 8 Apr 15 Posts: 780 Credit: 12,150,930 RAC: 2,185 |
https://www.neowin.net/news/dirty-cow-flaw-lets-hackers-gain-control-of-linux-systems-every-single-time YEP Linux is just the greatest and most secure OS ever 😎 .....I didn't do it.......and I never liked a Dirty Cow (OK I won't restart the OS war) Mad Scientist For Life |
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,181,211 RAC: 2,023 |
https://www.neowin.net/news/dirty-cow-flaw-lets-hackers-gain-control-of-linux-systems-every-single-time Tja! OK, there's a slight mitigating factor for Linus; 11 years ago or whenever he spotted the flaw, he didn't see any way to exploit it; I'm not sure from what I've read if he then decided it wasn't worth patching or if he couldn't decide how to patch it. But as I understand it, this didn't become exploitable until copy-on-write (COW) was invented and deployed. There are reports that the original flaw was documented, but it seems that no-one had enough grasp of the overall picture to connect the dots between an old possible problem and an emerging technique. We need more nexialists (from A.E. van Vogt's, "The Story of the Space Beagle", the novel that made me want to be a scientist, but not be blinkered to my field; e.g. I have a paper on rejuvenating channel-electron-multipliers which is based on a technique for cleaning two-stroke motorcycle exhausts!). |
Send message Joined: 28 Jul 16 Posts: 482 Credit: 394,720 RAC: 0 |
My hosts got a couple of WUs from the non-dev project although it was clear they would run into an error. Why can´t you stop sending out WUs until the patches are installed? The VMs are also linux machines. If they use a COW filesystem they are also affected by that bug. I´m sure I am the very first thinking about that :-)) |
Send message Joined: 12 Sep 14 Posts: 65 Credit: 544 RAC: 0 |
My hosts got a couple of WUs from the non-dev project although it was clear they would run into an error. The patch for this bug was issued yesterday and will be applied automagically when your current task expires and your CernVM reboots. |
Send message Joined: 28 Jul 16 Posts: 482 Credit: 394,720 RAC: 0 |
My hosts got a couple of WUs from the non-dev project although it was clear they would run into an error. As I stated a couple of times in this message board my hosts still do not get the most recent application versions (CMS, CMS-dev). The older apps download/boot older VM images, e.g. CMS_2016_08_08.vdi in case of CMS-dev, which are not patched. Resetting the projects or rebooting the hosts do not solve the problem. |
Send message Joined: 28 Jul 16 Posts: 482 Credit: 394,720 RAC: 0 |
I made some additional tests: I detached one of my hosts, reattached it and changed the project setting on the dev-webpage so this host asks for Theory Simulation - which I had not used since August. Result: My host got Theory v2.04 and not the most recent v2.90. v2.04 is the last version that I got in August. Is it a database error due to the consolidation of classical LHC, vLHC, LHC-dev? Any other ideas? |
Send message Joined: 16 Aug 15 Posts: 966 Credit: 1,211,816 RAC: 0 |
Did you attach to the latest URL? http://lhcathomedev.cern.ch/vLHCathome-dev/ or did you use the old one, whatever that was? (Just a thought...) Maybe just try a project reset? |
Send message Joined: 12 Sep 14 Posts: 65 Credit: 544 RAC: 0 |
My hosts got a couple of WUs from the non-dev project although it was clear they would run into an error. Well actually you do get the security patches whatever .vdi version gets loaded. CernVM is connected to its file system CVMFS and it is this which does automagical kernel and library updates right after booting the vdi image. |
Send message Joined: 28 Jul 16 Posts: 482 Credit: 394,720 RAC: 0 |
Did you attach to the latest URL? I attached to https://lhcathome.cern.ch/vLHCathome-dev/ A detach/reattach includes a project reset. At least in my understanding as it deletes more files/dirs on the local computer than a project reset. Nevertheless I had tried a project reset before. During the most recent try to attach to the dev project the server sent a get_project_config.xml with 2 special sections. An error section: <project_config> A platform section without a plan_class: <platform> |
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,181,211 RAC: 2,023 |
Encouraging sign: I now get ssh: connect to host lcggwms02.gridpp.rl.ac.uk port 9700: Connection refused instead of the ssh: connect to host lcggwms02.gridpp.rl.ac.uk port 9700: Connection timed out I was getting yesterday, so it looks like the VM is up again, if not yet fully operational. |
Send message Joined: 20 Jan 15 Posts: 1139 Credit: 8,181,211 RAC: 2,023 |
Encouraging sign: I now get OK, we are operational again. |
©2024 CERN