[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#834791: Add NEWS/README.Debian entry to recommend people not to enable KSM

Control: tags -1 + wontfix

Hi Ben,

On Mon, Aug 22, 2016 at 12:41:24AM +0100, Ben Hutchings wrote:
> On Fri, 19 Aug 2016 07:21:57 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
> > Source: linux
> > Version: 3.16.7-ckt7-1
> > Severity: wishlist
> > 
> > On Wed, Aug 17, 2016 at 11:51:14PM +0200, Moritz Mühlenhoff wrote:
> > > Aurelien Jarno <aurelien@aurel32.net> schrieb:
> > > > On 2016-08-14 16:00, Salvatore Bonaccorso wrote:
> > > >> Package: release.debian.org
> > > >> Severity: normal
> > > >> Tags: jessie
> > > >> User: release.debian.org@packages.debian.org
> > > >> Usertags: pu
> > > >> 
> > > >> Dear SRM
> > > >> 
> > > >> I would like to propose the following hardening to src:gnupg2 which was
> > > >> found during the analysis of a vulnerability report to the security team
> > > >> and related to
> > > >> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> > > >> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
> > > >> be solved in software (and thus we don't want to issue a DSA for it, and
> > > >> give possibly this false impression), and as pointed out by Florian
> > > >
> > > > I wonder if it would be a good idea to release an announcement without
> > > > any software change recommending people to not enable KSM on their
> > > > hosts?
> > > 
> > > I think a NEWS file for the kernel would be best?
> > 
> > Okay. Let's open a Bug for src:linux for this.
> 
> I disagree with this proposal.
> 
> - The issue is unrelated to any change in this package (or any package),
>   so it doesn't belong in NEWS
> - This is not a Debian-specific issue so it also doesn't belong in
>   README.Debian (and no-one is likely to notice changes there anyway)
> - Since KSM is not enabled by default, any notice about it during
>   upgrades would be a nuisance to the majority of users that do not use
>   it
> 
> Also, the issue is in practice mitigated by ECC DRAM (not eliminated,
> but note that the results in the paper are based on a system without
> ECC).
> 
> I think that a DSA is a more effective way to let system administrators
> know about this issue.  We already issue DSAs for other reasons than
> software updates, for example when withdrawing security support for
> some package.
> 
> Also, if there is VM management software in Debian that can enable KSM,
> that software should not do so by default and should warn that this
> carries a risk.

That's make sense and is fine with me. Cc'ing explicitly Moritz who
brought up the idea about the README/NEWS.

Tagging now as wontfix, but we might close it after that, and consider
to mention it via a DSA instead.

Salvatore
Reply to: