If you happen to be a Linux kernel developer, then you may not be having the best week. The same might hold true if you are a Linux systems administrator. The common reasons for this are the recently announced security vulnerabilities known as Spectre and Meltdown.
If you're not familiar with what these two vulnerabilities are, they are specific attack vectors that go after a processor feature known as speculative execution.
It's a no-kidding, all-hands-on-deck kind of problem, too. Initial reports had this being an Intel-only issue, but it turns out to be a potential open door to nearly every modern processor architecture.
Critical Background Information
For those of you not up to speed about Meltdown and Spectre, my colleague Jon Masters has put together an excellent and accessible blog post that explains speculative execution and how this feature can be exploited. There's also a good video that lays out the problem succinctly. For those wondering how the fixes could potentially impact your systems' performance, Red Hat has put an article out about that, too.
Obviously, this is an issue that every Linux distribution must deal with in the coming days, and there's a good round-up of articles on LWN.net, as well as a very complete status report on the Linux kernel developers' progress in mitigating these issues from Greg Kroah-Hartman.
The Human Impact
It is not known what, if any, security, productivity, or monetary costs may arise from these vulnerabilities. So far, it is estimated that any exploits that could advantage of these holes would be difficult to execute.
Already, the toll on people can be seen. In his status report, Kroah-Hartman concludes with this matter-of-fact statement:
"Right now, there are a lot of very overworked, grumpy, sleepless, and just generally pissed off kernel developers working as hard as they can to resolve these issues that they themselves did not cause at all. Please be considerate of their situation right now. They need all the love and support and free supply of their favorite beverage that we can provide them to ensure that we all end up with fixed systems as soon as possible."
What is also critical to note that this kind of crisis illustrates more than ever the importance of keeping systems patched. It is, sadly, a too-common occurrence in the free software ecosystem that using free-as-in-beer operating systems leads to a set-it-and-forget-it type of operation. Particularly with virtual machines, which are sometimes thought to be "safe" thanks to the hypervisor layer on which the VM is running.
Unfortunately, this "safety" is an illusion. These most recent vulnerabilities have been demonstrated to get past the hypervisor layer, so if a host system is exploited, any VM on that host could be illicitly accessed as well. And any system that's been set up and left alone is very much at risk because these fixes are so complex for current kernel versions, no one will have the time or energy to backport the fixes to earlier kernel versions. Once again, I will rely on Kroah-Hartman to outline the impact:
"If you rely on any other kernel tree other than 4.4, 4.9, or 4.14 right now, and you do not have a distribution supporting you, you are out of luck. The lack of patches to resolve the Meltdown problem is so minor compared to the hundreds of other known exploits and bugs that your kernel version currently contains. You need to worry about that more than anything else at this moment, and get your systems up to date first. "Also, go yell at the people who forced you to run an obsoleted and insecure kernel version, they are the ones that need to learn that doing so is a totally reckless act."
Running any production system on older software is not needed. The old "but that is all my app needs" reason flies out the window when dealing with the higher demands of security. Your business, your livelihood, and your piece of mind need admins at the top of their game. And patches up-to-date.
So whether its
dnf update yum update
or
apt-get update
get your systems up-to-date today. Open source software is amazing stuff, but it still needs proactive operators.
Image by Red Hat.
À propos de l'auteur
Brian Proffitt is Senior Manager, Community Outreach within Red Hat's Open Source Program Office, focusing on enablement, community metrics and foundation and trade organization relationships. Brian's experience with community management includes knowledge of community onboarding, community health and business alignment. Prior to joining Red Hat in 2013, he was a technology journalist with a focus on Linux and open source, and the author of 22 consumer technology books.
Parcourir par canal
Automatisation
Les dernières actualités en matière de plateforme d'automatisation qui couvre la technologie, les équipes et les environnements
Intelligence artificielle
Actualité sur les plateformes qui permettent aux clients d'exécuter des charges de travail d'IA sur tout type d'environnement
Services cloud
En savoir plus sur notre gamme de services cloud gérés
Sécurité
Les dernières actualités sur la façon dont nous réduisons les risques dans tous les environnements et technologies
Edge computing
Actualité sur les plateformes qui simplifient les opérations en périphérie
Infrastructure
Les dernières nouveautés sur la plateforme Linux d'entreprise leader au monde
Applications
À l’intérieur de nos solutions aux défis d’application les plus difficiles
Programmes originaux
Histoires passionnantes de créateurs et de leaders de technologies d'entreprise
Produits
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Services cloud
- Voir tous les produits
Outils
- Formation et certification
- Mon compte
- Ressources développeurs
- Assistance client
- Calculateur de valeur Red Hat
- Red Hat Ecosystem Catalog
- Rechercher un partenaire
Essayer, acheter et vendre
Communication
- Contacter le service commercial
- Contactez notre service clientèle
- Contacter le service de formation
- Réseaux sociaux
À propos de Red Hat
Premier éditeur mondial de solutions Open Source pour les entreprises, nous fournissons des technologies Linux, cloud, de conteneurs et Kubernetes. Nous proposons des solutions stables qui aident les entreprises à jongler avec les divers environnements et plateformes, du cœur du datacenter à la périphérie du réseau.
Sélectionner une langue
Red Hat legal and privacy links
- À propos de Red Hat
- Carrières
- Événements
- Bureaux
- Contacter Red Hat
- Lire le blog Red Hat
- Diversité, équité et inclusion
- Cool Stuff Store
- Red Hat Summit