KSplice is an Oracle utility, primarily designed for Linux servers that need frequent patching but can't afford even the the momentary downtime of a reboot.
Roberto J. Dohnert has incorporated this utility at the desktop level to give the desktop user of his Enterprise Desktop a similar ability to update-minus-reboot. I'm using an earlier IoT (InternetofThings) build optimized for single-board systems, which doesn't include KSplice by default. So to install it, I downloaded the .deb from this link and installed it using Gdebi :
After installation, launch the program and from the Accessories -> System submenu in Xfce or Accessories menu in MATE, System Tools submenu. You will be prompted to enter the admin / sudo password and KSplice will begin searching its database :
After installation completes, the utility will open and show available updates to the kernel. Detailed view shows recent patches such as CVE-2017-7308, memory corruption in AF_PACKET socket options. The last sentence in the description of the Common Vulnerability Exposure is cuts to the heart of the matter "A local user could this flaw to elevate privileges." More information can be found here and here. Linux, because of its basic security model, is a more hardened platform than Windows, but privilege-escalation exploits are the most persistent threat that a Linux server admin or (less likely) desktop user faces. And this is the end result :
Check out Black Lab, it's stable, well-designed and secure. And if you're using a different distro, download KSplice here. Linux has a smaller attack surface, and the average user is unlikely to be hacked, but ransomware and malware are constantly changing threats whose vector can't be anticipated; secure now doesn't necessarily mean secure always.
No comments:
Post a Comment