Re: Question on CVE-2017-5754 on Debian 8.9

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Question on CVE-2017-5754 on Debian 8.9
From: Michael Fothergill <michael.fothergill@gmail.com>
Date: Thu, 25 Jan 2018 17:12:48 +0000
Message-id: <[🔎] CANc=Sd0BpyUD8VYtJorAgbjDzUQPvkj6Z2t=BZYZfrBEpX5zuQ@mail.gmail.com>
In-reply-to: <[🔎] CANc=Sd1nBSCg2-bYMsYVm1Ag0=ZS6E4OOSTprA80T=oGkbmb7A@mail.gmail.com>
References: <[🔎] 20180124173840.sarlbzwddenpqypy@eeg.ccf.org> <[🔎] CANc=Sd0YrguwOm9j26EzV0385+O2Oy9PZoaXM-eg1tdY+suijA@mail.gmail.com> <[🔎] CANc=Sd2hvnrkx=h+4PLauj10DYd8fu4p4hu594Yb0peExoD_ug@mail.gmail.com> <[🔎] CANc=Sd0MmOzK6GT468BY_h1ezDS_M48crez7ka4akx1i9rM2-A@mail.gmail.com> <[🔎] 20180124233211.f9afd587e7214730282f7dde@freenet.de> <[🔎] CANc=Sd0Up4274=f=XzZpz+f9sMkt2wQvxcmmk4Qa_gZGhGev+g@mail.gmail.com> <[🔎] CANc=Sd03YeqC9affc+jRK8duCTTb0ug_+L7P5SbNZyuZ+ivWdQ@mail.gmail.com> <[🔎] 20180125105042.db970fffe0a6a8055b6fb7a6@freenet.de> <[🔎] CANc=Sd2TR1NNtA2+prrO8Y_t56oUinXV-7G6wOAXTL8FCbNRPg@mail.gmail.com> <[🔎] CANc=Sd3eHnnTZ9b__EJAf9WEApp_AZmGFR4ia-P3LWKWuRsU+g@mail.gmail.com> <[🔎] 20180125130140.aesrfsqhx2s4l4eq@eeg.ccf.org> <[🔎] CANc=Sd1w5BvSP2Q+EjBhR=XamNX9Cz=e5SrhbS7XwJ6SfXcePQ@mail.gmail.com> <[🔎] CANc=Sd1nBSCg2-bYMsYVm1Ag0=ZS6E4OOSTprA80T=oGkbmb7A@mail.gmail.com>

On 25 January 2018 at 15:59, Michael Fothergill <michael.fothergill@gmail.com> wrote:

On 25 January 2018 at 13:14, Michael Fothergill <michael.fothergill@gmail.com> wrote:

On 25 January 2018 at 13:01, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
On Thu, Jan 25, 2018 at 12:36:46PM +0000, Michael Fothergill wrote:
> If I become sid and install the kernel correctly, could I go back to being
> just buster (sounds like an energy drink) and carry on using the new kernel?

No.

It seems I have to become sid here.

I have become sid and installed a ton of dependencies from the experimental respository and finally installed gcc 8.

After some rehab I will study the web page on compiling kernels in debian.

I need to get the set up to use the GCC 8 compiler I have just installed.

Cheers

MF

OK, I went through the dependency detox program (and had some electrodes hooked up to my ears etc) and made a good recovery.

I looked at some web pages on the debian way of compiling kernels etc.

My general strategy is as follows:

1. Download the latest stable kernel from the kernel archives; this is 4.14.15 - I have done this.

2. Use the tar xf /usr/src/linux-source-4.14.15.tar.xz command to unpack the kernel source file.

3. cd to the directory where the kernel source lives

4. Reuse the config file from the 4.14.15 rc8 kernel I already have installed e.g. cp /boot/config-3.16.0-4-amd64 ~/kernel/linux-source-3.16/.config

5. run make menuconfig (I do this in gentoo) I will make sure libncurses5-dev (or does it need to be newer?) is installed to configure it using the recycled config file from 4 above.

6. Run make-kpkg clean.

7. Then run fakeroot make-kpkg --initrd --revision=1.0.custom kernel_image.

8. Then install the kernel as follows: dpkg -i ../linux-image-4.14.15-subarchitecture_1.0.custom_i386.deb.

9. Reboot and look for new kernel in grub menu and log in.

10. Run the patch checker to see that KPTI and retpoline patched are turned on properly.

Please critique the above list. I am going to read more documentation and improve it before going ahead with this.

Cheers

MF

MF

Reply to:

Follow-Ups:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Lange <klappnase@freenet.de>

References:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Lange <klappnase@freenet.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Lange <klappnase@freenet.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>

Prev by Date: Re: Question on CVE-2017-5754 on Debian 8.9
Next by Date: Re: Question on CVE-2017-5754 on Debian 8.9
Previous by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Next by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Index(es):
- Date
- Thread