On Sun, Dec 07, 2003 at 06:11:52PM +0000, Magn?s ??r Torfason wrote: > As a member of the "mass of slightly advanced skills" trying to use Debian > for their typical day-to-day server needs, I am put rather off-balance by > the issues presented by the recent kernel compromise. > > I have an installation that has run quite well, and have been running > regular upgrades on the system. However, it did not dawn on me until now > that I should have installed a custom kernel after installation, let alone > compiled my own. > > However, it is rather unfortunate that at a time where probably a record > number of individuals are wondering about kernel issues, the Kernel HOWTO > has been removed from the site without any further clarifications. > > I think that to alleviate the fears of this group of users, a step-by-step > guide should be made available on www.debian.org and/or security.debian.org > describing the steps to be taken to: > - Determine if user systems are afflicted by the kernel exploit > - Rectify the issue, possibly by updating the kernel > > Such a guide should list a recommended kernel version for a stable Debian > installation, and should preferably not advice users to "roll their own > kernels", since many users have no desire to start such explorations as a > response to this issue. > > I believe that this issue has caused serious doubts for many users about > the possibility of running a typical secure linux server with medium > sysadmin skills. As I gather, running "apt-get upgrade" is not sufficient > to patch a vulnerable system for this exploit, meaning that the method > recommended for "Keeping your Debian system secure" on security.debian.org > is insufficient. >
I have built kernels under Debian without benefit of Kernel HOWTO. Instead I use the debian kernel-package tool. It has a man page that tells you exactly what to do to build a 'private' kernel from kernel-source package. Kernel HOWTO tells you all sorts of stuff that is simply "wrong for debian" (tm). -- Paul E Condon [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
