
Re: Question on CVE-2017-5754 on Debian 8.9



On Thu, 25 Jan 2018 17:12:48 +0000
Michael Fothergill <michael.fothergill@gmail.com> wrote:



> My general strategy is as follows:
> 
> 1. Download the latest stable kernel from the kernel archives; this is
> 4.14.15 - I have done this.

Not sure, but didn't you want the very latest 4.15rc for some
Meltdown/Spectre issues? Are these also in 4.14.15?

> 
> 2. Use the tar xf /usr/src/linux-source-4.14.15.tar.xz command to
> unpack the kernel source file.
> 
> 3. cd to the directory where the kernel source lives
> 
> 4. Reuse the config file from the 4.14.15 rc8 kernel I already have
> installed e.g. cp /boot/config-3.16.0-4-amd64
> ~/kernel/linux-source-3.16/.config
> 
> 5. run make menuconfig (I do this in gentoo) I will make sure
> libncurses5-dev (or does it need to be newer?) is installed to
> configure it using the recycled config file from 4 above.

This shouldn't be necessary, unless you want to enable something that's
turned off by default. That 'yes "" | make oldconfig' thing worked well
here and is surely faster :) 

> 
> 6. Run make-kpkg clean.
> 
> 7. Then run fakeroot make-kpkg --initrd --revision=1.0.custom
> kernel_image.
> 
> 8. Then install the kernel as follows: dpkg -i
> ../linux-image-4.14.15-subarchitecture_1.0.custom_i386.deb.
> 
> 9. Reboot and look for new kernel in grub menu and log in.
> 
> 10. Run the patch checker to see that KPTI and retpoline patches are
> turned on properly.
> 
> Please critique the above list. I am going to read more documentation
> and improve it before going ahead with this.

Regards

Michael



.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

It would be illogical to assume that all conditions remain stable.
		-- Spock, "The Enterprise Incident", stardate 5027.3
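
An added example, not part of the thread and not the "patch checker" mentioned in step 10: a shell check that the reused config still enables the two mitigation options after oldconfig, and that the rebooted kernel reports them active. It assumes an x86 kernel that exposes CONFIG_PAGE_TABLE_ISOLATION, CONFIG_RETPOLINE and /sys/devices/system/cpu/vulnerabilities; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): verify KPTI/retpoline for a custom kernel.

# config_has FILE OPTION: succeeds only if OPTION=y is set in the kernel config.
config_has() {
    grep -q "^$2=y\$" "$1"
}

# check_config FILE: report both mitigation options; non-zero if either is off.
check_config() {
    rc=0
    for opt in CONFIG_PAGE_TABLE_ISOLATION CONFIG_RETPOLINE; do
        if config_has "$1" "$opt"; then
            echo "$opt: enabled"
        else
            echo "$opt: MISSING"
            rc=1
        fi
    done
    return "$rc"
}

# check_sysfs DIR: read the running kernel's own verdict after the reboot.
# Passes only on "Not affected" or "Mitigation: ..."; a "Vulnerable..." line fails.
check_sysfs() {
    rc=0
    for f in meltdown spectre_v2; do
        if [ ! -r "$1/$f" ]; then
            echo "$f: no sysfs entry (kernel too old to report)"
            rc=1
            continue
        fi
        status=$(cat "$1/$f")
        echo "$f: $status"
        case "$status" in
            "Not affected"|Mitigation:*) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Called with "run", check the booted system; otherwise only define the functions.
if [ "${1:-}" = "run" ]; then
    check_config "/boot/config-$(uname -r)"
    check_sysfs /sys/devices/system/cpu/vulnerabilities
fi
```

A spectre_v2 status that begins with "Vulnerable" even though CONFIG_RETPOLINE=y is set usually points at the compiler used for the build rather than at the config.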

