Re: Upgrading Kernels...
As a member of the "mass of slightly advanced skills" trying to use Debian
for their typical day-to-day server needs, I am put rather off-balance by
the issues presented by the recent kernel compromise.
I have an installation that has run quite well, and have been running
regular upgrades on the system. However, it did not dawn on me until now
that I should have installed a custom kernel after installation, let alone
compiled my own.
However, it is rather unfortunate that at a time where probably a record
number of individuals are wondering about kernel issues, the Kernel HOWTO
has been removed from the site without any further clarifications.
I think that to alleviate the fears of this group of users, a step-by-step
guide should be made available on www.debian.org and/or security.debian.org
describing the steps to be taken to:
- Determine if user systems are afflicted by the kernel exploit
- Rectify the issue, possibly by updating the kernel
Such a guide should list a recommended kernel version for a stable Debian
installation, and should preferably not advice users to "roll their own
kernels", since many users have no desire to start such explorations as a
response to this issue.
I believe that this issue has caused serious doubts for many users about the
possibility of running a typical secure linux server with medium sysadmin
skills. As I gather, running "apt-get upgrade" is not sufficient to patch a
vulnerable system for this exploit, meaning that the method recommended for
"Keeping your Debian system secure" on security.debian.org is insufficient.
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.