
PcChip today at 7:00 PM

I always assumed Ubuntu was brought down to prevent Ubuntu servers from patching copy.fail, so that hacking group could exploit as many targets during that time as possible.



throw0101c today at 7:38 PM

> I always assumed ubuntu was brought down to prevent ubuntu servers from patching copy.fail

On Ubuntu copy.fail could be mitigated against with some modprobe(8) config tweaks:

    # echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    # rmmod algif_aead

There may be some processes that use this functionality ("lsof | grep AF_ALG"), but it is not that widespread AIUI, and so disabling it should not be an issue for the vast majority of systems.
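
Added example, not part of throw0101c's comment: a shell check that the mitigation above took effect, meaning the `install` override is present and the module is no longer loaded. The function names, verdict strings and the directories searched in the `--live` run are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: verify the algif_aead modprobe mitigation took effect.
# Function names and verdict strings are this example's own.

# modprobe treats '-' and '_' in module names as the same character.
norm() { printf '%s' "$1" | tr '-' '_'; }

# is_blocked MODULE DIR...: true if a *.conf in any DIR overrides loading
# with "install MODULE /bin/false" (or /bin/true).
is_blocked() {
    local want dir f kw name cmd
    want=$(norm "$1"); shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # The "|| [ -n ... ]" keeps a last line that lacks a newline.
            while read -r kw name cmd _ || [ -n "$kw" ]; do
                [ "$kw" = install ] || continue
                [ "$(norm "$name")" = "$want" ] || continue
                case "$cmd" in /bin/false|/bin/true) return 0 ;; esac
            done < "$f"
        done
    done
    return 1
}

# is_loaded MODULE [FILE]: true if MODULE is listed in FILE (/proc/modules format).
is_loaded() {
    local want name
    want=$(norm "$1")
    while read -r name _; do
        if [ "$(norm "$name")" = "$want" ]; then return 0; fi
    done < "${2:-/proc/modules}"
    return 1
}

# audit MODULE PROC_MODULES DIR...: print one verdict for MODULE.
audit() {
    local mod=$1 loaded=$2; shift 2
    if is_blocked "$mod" "$@"; then
        # Override written but rmmod not done yet: module stays usable.
        if is_loaded "$mod" "$loaded"; then echo blocked-but-still-loaded
        else echo mitigated; fi
    elif is_loaded "$mod" "$loaded"; then echo loaded-unblocked
    else echo loadable-on-demand; fi
}

if [ "${1:-}" = "--live" ]; then
    audit algif_aead /proc/modules /etc/modprobe.d /run/modprobe.d /lib/modprobe.d
fi
```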

bayindirh today at 7:09 PM

copy.fail patches can be applied with minimum downtime, and a VM reboots in 30 seconds, tops, regardless of size. I believe all the apex servers are configured as HA to keep the load distributed, so normal users won't feel anything when copy.fail is patched.

Our users didn't feel a thing when we rolled out the patches.
