Re: Debian Server restored after Compromise. Which kernels???
On Saturday 15 July 2006 19:30, Hemlock wrote:
> > > > > I'm in a similar situation.
> > > > > I just ended up grabbing the source from kernel.org
> > > > > and recompiling with debian's kernel-package package.
> > > > > (kernel 220.127.116.11)
> > > > > Did this both for i386 and AMD64 machines.
> > > >
> > > > Thank you for clarifying.
> > > >
> > > > Perhaps a naive observation: to save enrgies (and make a treasure of
> > > > op competence) why not putting your deb packages (if they are deb)
> > > > for download? Is any server that could accept them?
> > >
> > > This would, offhand, *seem* to be a job for Debian security.
> > Thank you for courage in saying that. But I know little about the
> > policy of Debian to this concern, and, most of all, I understand
> > that volunteers may lack the time at the moment for what seems to be
> > the most economical (and secure) procedure. francesco
> Why not try compiling your own kernel?
> make-kpkg makes it quite simple for us non developer types.
> All you need to do is install kernel-package, and perhaps gcc, make, g++ if
> they don't already come down with kernel-package.
> /usr/share/doc/kernel-package has the readme that shows you how to compile
> your own .deb.
Yes, it can be done. Two points:
1) I've lost mail from Leopold ... If I remember correctly, the vulnerable
kernels were up to 18.104.22.168. Should 22.214.171.124 be needed? I've not heard about
2) It has often been told on this list that kernel packages provided by Debian
cover most needs, implying that going to compile kernels is a waste of
resources in most cases.
3)It has been repeatedly advised on this list to avoid as much as possible to
recompile and recompile again what may be already available. It is curious
that packages for the most unusual tasks are continuously offered while
kernels not, even in a period of attacks to so many defective kernels.
This is not to object too much to what I know only at the surface. But I am
well aware of energetic problems and multi opteron machines (not to tell of
the equivalent very hot intels) take non-negligible energy to work. Which
also makes the point why going to 64bit for tasks that are equally well dealt
with at 32bit.
You may object that vs a flying machine or even a car (if not missiles and
bombs) a 64bit machine is nearly nothing. You are right.