
Re: Upgrading Kernels...

On Sun, Dec 07, 2003 at 06:11:52PM +0000, Magn?s ??r Torfason wrote:
> As a member of the "mass of slightly advanced skills" trying to use Debian 
> for their typical day-to-day server needs, I am put rather off-balance by 
> the issues presented by the recent kernel compromise.
> I have an installation that has run quite well, and have been running 
> regular upgrades on the system.  However, it did not dawn on me until now 
> that I should have installed a custom kernel after installation, let alone 
> compiled my own.
> However, it is rather unfortunate that at a time where probably a record 
> number of individuals are wondering about kernel issues, the Kernel HOWTO 
> has been removed from the site without any further clarifications.
> I think that to alleviate the fears of this group of users, a step-by-step 
> guide should be made available on www.debian.org and/or security.debian.org 
> describing the steps to be taken to:
> - Determine if user systems are afflicted by the kernel exploit
> - Rectify the issue, possibly by updating the kernel
> Such a guide should list a recommended kernel version for a stable Debian 
> installation, and should preferably not advise users to "roll their own 
> kernels", since many users have no desire to start such explorations as a 
> response to this issue.
> I believe that this issue has caused serious doubts for many users about 
> the possibility of running a typical secure Linux server with medium 
> sysadmin skills.  As I gather, running "apt-get upgrade" is not sufficient 
> to patch a vulnerable system for this exploit, meaning that the method 
> recommended for "Keeping your Debian system secure" on security.debian.org 
> is insufficient.

I have built kernels under Debian without benefit of Kernel HOWTO. Instead
I use the Debian kernel-package tool. It has a man page that tells you
exactly what to do to build a 'private' kernel from kernel-source package.
Kernel HOWTO tells you all sorts of stuff that is simply "wrong for debian" (tm).

Paul E Condon           
