Xen security bug, you say? Amazon readies GLORIOUS GLOBAL CLOUD REBOOT

Amazon will tomorrow begin a bloody global reboot of its Elastic Compute Cloud (EC2) compute instances after it found a security bug within the Xen virtualisation platform. The rolling minutes-long reboots would be completed by 30 September. Amazon did not name the reason for the upgrade, widely thought to be a security issue …

  1. Anonymous Coward

    First BASHing

    Is it not about the BASH vuln? Xen might be a side fix:

    http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/

    1. xenny

      Re: First BASHing

      I doubt it, that shouldn't _require_ a reboot, and the top entry at http://xenbits.xen.org/xsa/ looks deeply suspicious.

    2. Tom 38

      Re: First BASHing

      Is it not about the BASH vuln? Xen might be a side fix:

      Why would a bash vulnerability on the guest cause all the VMs to be rebooted?

      1. xenny

        Re: First BASHing

        There's presumably also a bash vulnerability on the host....

          1. Tom 38

          Re: First BASHing

          There's presumably also a bash vulnerability on the host....

          And why would that require a VM to be restarted? Where do you think bash fits into KVM?

          1. xenny

            Re: First BASHing

            It needn't necessarily, but a kitchen sink approach might reboot the host, which would at the very least require a VM to be suspended. What BTW has KVM got to do with XEN?

    3. Anonymous Coward

      Re: First BASHing

      Why can't running VMs just migrate transparently to another host during a reboot like Microsoft does with Azure?

      1. MatthewSt

        Re: First BASHing

        Microsoft don't (yet) do that with Azure. You need to maintain multiple instances to avoid downtime, and they frequently send out emails advising when you can expect your single-instance VMs to be unavailable because of a host reboot.

      2. joejones

        Re: First BASHing

        AWS and Azure (and I assume Google) cloud services are not like a well built internal private virtualized environment. There is no vmotion or storage vmotion (or whatever the citrix and M$ versions of this are). There is redundancy in networking (so we are told), but there is no separate path for storage or management.

        The old AWS server has a single redundant 1Gb connection going out the server for everything - management, storage and regular network traffic. This is shared by all the VMs on that host. Few people in their right mind would set up a vsphere or hyper-v environment with these sorts of limitations. There are ways to pay for more bandwidth and IOPS with a 10Gb pipe, but those are significantly more expensive.

        Lots of people make many assumptions about AWS based on what their own internal virtualization environment looks like, and they would be fools to do so. It is nothing like what one responsible person would set up, unless you were trying to be the cheapest cloud vendor in the world, in which case it's whatever you could do to make it the cheapest possible setup.

      3. BinkyTheMagicPaperclip

        Re: First BASHing

        They can - live migration is supported on Xen provided there's shared storage available so potentially there should be almost zero downtime.

        However, the update from EC2 says this isn't possible, and until the details are released on 1st October we can't know if this is reasonable or not.

        It does say that if your database is replicated correctly it's possible to reboot ahead of time and avoid downtime.

  2. Anonymous Coward

    Bash & DHCP

    I seem to recall that there were implications that there's a vulnerability involved between DHCP clients and servers.

    Hmmm... possibly allowing a client to root the host which may be a mega-major AWS headache.

  3. Anonymous Coward

    Grrr...

    ... how come I get to read this here... didn't even get an email from AWS! WTF!

  4. Anonymous Coward

    Intimate connection...

    The Xen hypervisor itself is actually just a collection of Bash shell scripts...
