Re: Upgrading Kernels...

To: debian-security@lists.debian.org
Subject: Re: Upgrading Kernels...
From: Paul E Condon <pecondon@peakpeak.com>
Date: Sun, 7 Dec 2003 12:17:55 -0700
Message-id: <[🔎] 20031207191755.GF24756@peakpeak.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] BAY2-F61DqCU6yyFVSP0000a0a1@hotmail.com>
References: <[🔎] BAY2-F61DqCU6yyFVSP0000a0a1@hotmail.com>

On Sun, Dec 07, 2003 at 06:11:52PM +0000, Magn?s ??r Torfason wrote:
> As a member of the "mass of slightly advanced skills" trying to use Debian 
> for their typical day-to-day server needs, I am put rather off-balance by 
> the issues presented by the recent kernel compromise.
> 
> I have an installation that has run quite well, and have been running 
> regular upgrades on the system.  However, it did not dawn on me until now 
> that I should have installed a custom kernel after installation, let alone 
> compiled my own.
> 
> However, it is rather unfortunate that at a time where probably a record 
> number of individuals are wondering about kernel issues, the Kernel HOWTO 
> has been removed from the site without any further clarifications.
> 
> I think that to alleviate the fears of this group of users, a step-by-step 
> guide should be made available on www.debian.org and/or security.debian.org 
> describing the steps to be taken to:
> - Determine if user systems are afflicted by the kernel exploit
> - Rectify the issue, possibly by updating the kernel
> 
> Such a guide should list a recommended kernel version for a stable Debian 
> installation, and should preferably not advice users to "roll their own 
> kernels", since many users have no desire to start such explorations as a 
> response to this issue.
> 
> I believe that this issue has caused serious doubts for many users about 
> the possibility of running a typical secure linux server with medium 
> sysadmin skills.  As I gather, running "apt-get upgrade" is not sufficient 
> to patch a vulnerable system for this exploit, meaning that the method 
> recommended for "Keeping your Debian system secure" on security.debian.org 
> is insufficient.
> 

I have built kernels under Debian without benefit of Kernel HOWTO. Instead
I use the debian kernel-package tool. It has a man page that tells you
exactly what to do to build a 'private' kernel from kernel-source package.
Kernel HOWTO tells you all sorts of stuff that is simply "wrong for debian" (tm).

-- 
Paul E Condon           
pecondon@peakpeak.com

Reply to:

References:
- Re: Upgrading Kernels...
  - From: "Magnús Þór Torfason" <torfason@hotmail.com>

Prev by Date: Re: Upgrading Kernels...
Next by Date: Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
Previous by thread: Re: Upgrading Kernels...
Next by thread: extrange passwd behaviour
Index(es):
- Date
- Thread