Performance Toolkit Updates

2010-01-31, perfSONAR-PS Developers Meeting. Aaron Brown, Joe Metzger. Performance Toolkit Updates. Problem: As of February 15th, we lose support for Debian 4.0, the basis for the current toolkit. Goal: Decide a path forward

Presentation Transcript


  1. 2010-01-31, perfSONAR-PS Developers Meeting Aaron Brown, Joe Metzger Performance Toolkit Updates

  2. Performance Toolkit Updates
     • Problem
       • As of February 15th, we lose support for Debian 4.0, the basis for the current toolkit.
     • Goal: Decide a path forward
       • Upgrade the existing toolkit to Debian 5.0
       • Transition to Fedora LiveCD ASAP, and maintain security updates ourselves for 6(?) months
       • Maintain security updates ourselves until 6(?) months after a version based on the Fedora LiveCD is released

  3. Upgrade to Debian 5.0
     • Upsides
       • Theoretically, a more minor upgrade path, and we would not need to maintain security updates.
       • We’ve updated from Knoppix to Debian 4.0, so have some idea of the complexity.
     • Downsides
       • May require recompilation of all software we’ve added
         • NDT, NPAD, bwctl, owamp, iperf
         • CPAN modules (will almost definitely need recompiled)
       • Init scripts may need fiddled with
       • Configuration files may need changed
       • If we’re going to transition to LiveCD eventually anyway, the costs for upgrading are weighed solely against the costs of maintaining security fixes, and upgrading to LiveCD soon(er?)

  4. Upgrade to LiveCD
     • Upsides
       • We’re going to do this update eventually anyway
     • Downsides
       • May require recompilation of all software we’ve added
         • NDT, NPAD, bwctl, owamp, iperf
         • CPAN modules (will almost definitely need recompiled)
       • Init scripts may need fiddled with
       • Configuration files may need changed
     • There are open questions for transitioning
       • How do we deal with the “ramdisk filling” issue?
       • Are we going to do a clean transition, or a quick-and-dirty transition?

  5. Maintaining Security Updates
     • Kernel Updates
       • We maintain our own kernel, so we’ll be responsible for these updates no matter the option we choose.
     • Software Updates
       • We’ll have to watch the Debian security mailing list, and apply any fixes we see to the 5.0 branch, to the 4.0 branch (if applicable).
       • Expense depends heavily on how many fixes come out during the timeframe we’re maintaining security fixes.

  6. Security Fixes: July and January
     • January
       • Python: DoS of a service that parses an XML file
         • Severity for us: low
         • Applies to 4.0 and 5.0
       • Gzip: arbitrary execution when decompressing specially crafted files
         • Severity for us: low
         • Applies to 4.0 and 5.0
       • Openssl: DoS if mod_ssl, mod_php5 and php5-curl are loaded
         • Severity for us: low
         • Applies to 5.0
       • Krb5: Remote crashes, heap corruption, and extraordinarily unlikely chance: arbitrary code execution
         • Severity for us: low
         • Applies to 4.0/5.0
     • December
       • Ntp: remote DoS possibility
         • Severity for us: medium-high
         • Applies to 4.0/5.0

  7. Security Fixes: July and January
     • November
       • Apache: Minor TLS vulnerability
         • Severity for us: low
         • Applies to 4.0/5.0
     • August
       • Libxml2: DoS and possible code execution
         • Severity for us: low
         • Applies to 4.0/5.0
       • Apache Runtime Library – heap overflow/code execution
         • Severity for us: low
         • Applies to 4.0/5.0
     • July
       • Apache – DoS if mod_proxy or mod_deflate were enabled
         • Severity for us: low
         • Applies to 4.0/5.0

  8. Performance Toolkit Updates 2010-01-31, perfSONAR-PS Developers Meeting Aaron Brown, Joe Metzger For more information, visit www.internet2.edu
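
The watch-and-apply routine from slide 5, sketched as an added Python example (not from the presentation or the perfSONAR-PS code): it reads one announcement in the layout used on the Debian security list and reports which toolkit branch, 4.0 (etch) or 5.0 (lenny), has a fixed version to pull in. The shipped-package set, the advisory number, the CVE id and the version strings are constructed placeholders.

```python
import re

# Debian codenames for the two branches the slides discuss.
BRANCH_BY_CODENAME = {"etch": "4.0", "lenny": "5.0"}

# Assumption: illustrative subset of packages shipped on the toolkit image.
TOOLKIT_PACKAGES = {"ntp", "apache2", "openssl", "gzip", "libxml2"}

# Constructed sample in the layout of a debian-security-announce message;
# advisory number, CVE id and version strings are placeholders.
SAMPLE_ADVISORY = """\
Debian Security Advisory DSA-XXXX-1
Package        : ntp
CVE Id         : CVE-XXXX-XXXX

For the oldstable distribution (etch), this problem has been fixed in
version 0.0.1-etch1.

For the stable distribution (lenny), this problem has been fixed in
version 0.0.2-lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 0.0.3-1.
"""

# Matches the per-distribution "fixed in version" sentence after unwrapping.
FIXED_RE = re.compile(
    r"For the \w+ distribution \((\w+)\), "
    r"(?:this problem has|these problems have) been fixed in "
    r"version (\S+?)\.?(?= |$)"
)

def triage(advisory, shipped=TOOLKIT_PACKAGES):
    """Return (package, {branch: fixed_version}) for branches to patch."""
    m = re.search(r"^Package\s*:\s*(\S+)", advisory, re.MULTILINE)
    if m is None:
        raise ValueError("no Package field found")
    package = m.group(1)
    if package not in shipped:
        return package, {}              # not on the image: nothing to apply
    flat = " ".join(advisory.split())   # undo mail line wrapping
    todo = {}
    for codename, version in FIXED_RE.findall(flat):
        branch = BRANCH_BY_CODENAME.get(codename)
        if branch:                      # skip sid/testing entries
            todo[branch] = version
    return package, todo

if __name__ == "__main__":
    print(triage(SAMPLE_ADVISORY))
```

An advisory that lists a fix only for lenny yields a 5.0-only result, which corresponds to the "Applies to 5.0" entries on the slides.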