Re: Question on CVE-2017-5754 on Debian 8.9
On Thu, 25 Jan 2018 17:12:48 +0000
Michael Fothergill <michael.fothergill@gmail.com> wrote:
> My general strategy is as follows:
>
> 1. Download the latest stable kernel from the kernel archives; this is
> 4.14.15 - I have done this.
Not sure, but didn't you want the very latest 4.15rc for some
Meltdown/Spectre issues? Are these also in 4.14.15?
>
> 2. Use the tar xf /usr/src/linux-source-4.14.15.tar.xz command to
> unpack the kernel source file.
>
> 3. cd to the directory where the kernel source lives
>
> 4. Reuse the config file from the 4.14.15 rc8 kernel I already have
> installed e.g. cp /boot/config-3.16.0-4-amd64
> ~/kernel/linux-source-3.16/.config
>
> 5. Run make menuconfig (I do this in Gentoo). I will make sure
> libncurses5-dev (or does it need to be newer?) is installed to
> configure it using the recycled config file from 4 above.
This shouldn't be necessary, unless you want to enable something that's
turned off by default. That 'yes "" | make oldconfig' thing worked well
here and is surely faster :)
>
> 6. Run make-kpkg clean.
>
> 7. Then run fakeroot make-kpkg --initrd --revision=1.0.custom
> kernel_image.
>
> 8. Then install the kernel as follows: dpkg -i
> ../linux-image-4.14.15-subarchitecture_1.0.custom_i386.deb.
>
> 9. Reboot and look for new kernel in GRUB menu and log in.
>
> 10. Run the patch checker to see that KPTI and retpoline patches are
> turned on properly.
>
> Please critique the above list. I am going to read more documentation
> and improve it before going ahead with this.
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
It would be illogical to assume that all conditions remain stable.
-- Spock, "The Enterprise Incident", stardate 5027.3
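
Added example, not part of the original messages: a shell check for steps 5 and 10 above, confirming that the reused config still enables the mitigations after `make oldconfig` and that the booted kernel reports them active. It assumes the kernel being built provides the `CONFIG_PAGE_TABLE_ISOLATION` and `CONFIG_RETPOLINE` options and the `/sys/devices/system/cpu/vulnerabilities` status files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# check_config FILE: succeed only if both mitigation options are built in.
# Assumption: the source tree offers these two options.
check_config() {
    cfg=$1
    rc=0
    for opt in CONFIG_PAGE_TABLE_ISOLATION CONFIG_RETPOLINE; do
        if grep -q "^${opt}=y\$" "$cfg"; then
            echo "ok:         $opt=y"
        else
            echo "MISSING:    $opt is not =y in $cfg"
            rc=1
        fi
    done
    return $rc
}

# check_sysfs [DIR]: read the running kernel's own status files.
# Returns 0 if all are mitigated, 1 if any is vulnerable,
# 2 if a status file is absent (kernel without the sysfs interface).
check_sysfs() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for f in meltdown spectre_v2; do
        if [ ! -r "$dir/$f" ]; then
            echo "unknown:    $f (no $dir/$f)"
            if [ "$rc" -eq 0 ]; then rc=2; fi
            continue
        fi
        status=$(cat "$dir/$f")
        case $status in
            "Not affected"*|"Mitigation:"*)
                echo "ok:         $f: $status" ;;
            *)
                # e.g. a retpoline build with a compiler lacking support
                echo "VULNERABLE: $f: $status"
                rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh check.sh config [.config]   (before make-kpkg)
#        sh check.sh sysfs              (after rebooting into the new kernel)
case ${1:-} in
    config) check_config "${2:-.config}" ;;
    sysfs)  check_sysfs ;;
esac
```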