Re: Debian Server restored after Compromise. Which kernels???
> > Why not try compiling your own kernel?
> > make-kpkg makes it quite simple for us non developer types.
> > All you need to do is install kernel-package, and perhaps gcc, make, g++
if
> > they don't already come down with kernel-package.
> > /usr/share/doc/kernel-package has the readme that shows you how to
compile
> > your own .deb.
> Yes, it can be done. Two points:
>
> 1) I've lost mail from Leopold ... If I remember correctly, the
> vulnerable kernels were up to 2.6.17.4. Should 2.6.17.5 be needed?
> I've not heard about this.
I believe from debian.org's newsletter, it is kernel's less than
2.6.17.4, therefore 2.6.17.3 and lower.
http://www.debian.org/News/2006/20060713
Also, kernel.org changelog for 2.6.17.4 talks about fixing the local exploit.
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-
2.6.17.y.git;a=log;h=4f9619cdd90ac846fa0ca6e9e8a9d87a0d6b4f57
> 2) It has often been told on this list that kernel packages provided
> by Debian cover most needs, implying that going to compile kernels
> is a waste of resources in most cases.
Perhaps, but since we're living in the world of debian non-stable kernels,
(because our hardware is too new), then we must find fixes or patches for
security exploits. If we can't find such a debian .deb immediately,
I'm happy to make my own. Of course, 90% of the time I wait for a .deb to
appear.
Cheers,
Reply to: