Re: Upgrading Kernels...
On Sun, Dec 07, 2003 at 06:11:52PM +0000, Magnús Þór Torfason wrote:
> As a member of the "mass of slightly advanced skills" trying to use Debian
> for their typical day-to-day server needs, I am put rather off-balance by
> the issues presented by the recent kernel compromise.
> I have an installation that has run quite well, and have been running
> regular upgrades on the system. However, it did not dawn on me until now
> that I should have installed a custom kernel after installation, let alone
> compiled my own.
> However, it is rather unfortunate that at a time where probably a record
> number of individuals are wondering about kernel issues, the Kernel HOWTO
> has been removed from the site without any further clarifications.
> I think that to alleviate the fears of this group of users, a step-by-step
> guide should be made available on www.debian.org and/or security.debian.org
> describing the steps to be taken to:
> - Determine if user systems are afflicted by the kernel exploit
> - Rectify the issue, possibly by updating the kernel
> Such a guide should list a recommended kernel version for a stable Debian
> installation, and should preferably not advise users to "roll their own
> kernels", since many users have no desire to start such explorations as a
> response to this issue.
> I believe that this issue has caused serious doubts for many users about
> the possibility of running a typical secure linux server with medium
> sysadmin skills. As I gather, running "apt-get upgrade" is not sufficient
> to patch a vulnerable system for this exploit, meaning that the method
> recommended for "Keeping your Debian system secure" on security.debian.org
> is insufficient.
I have built kernels under Debian without the benefit of the Kernel HOWTO. Instead
I use the Debian kernel-package tool. It has a man page that tells you
exactly what to do to build a 'private' kernel from a kernel-source package.
The Kernel HOWTO tells you all sorts of stuff that is simply "wrong for debian" (tm).
Paul E Condon