blog ntic de revolunet

aptitude update
aptitude upgrade

export KVER=`uname -r`
aptitude update
aptitude install linux-source-${KVER}
cd /usr/src
tar -xjf linux-source-${KVER}.tar.bz2
ln -s linux-source-${KVER} linux
cd linux

patch < vmsplice.patch -p1

cp /boot/config-${KVER} .config
make-kpkg clean
make-kpkg --initrd --append-to-version=-mykernelname kernel_image
cd ..
dpkg -i linux-image-${KVER}-mykernelname_${KVER}-mykernelname-10.00.Custom_i386.deb
reboot

8 Comments »

RSS feed for comments on this post. TrackBack URI

1. Patching the kernel is not necessary, because fixed kernels already are in the Debian repository . Ofcourse if you are building your own kernel then it’s different issue.

   If you are using standard stock Debian kernel’s then just do

   # apt-get update
   # apt-get upgrade

   Comment by miksuh — 12 February 2008 #

2. They weren’t at the time of posting
   Thanks for the remark, I’ll update the post.

   Comment by drax — 12 February 2008 #

3. No, just upgrading debian did no do the trick for me. I was using debian etch with a 2.6.17.4 kernel

   Comment by juju — 15 February 2008 #

4. [...] Pour ceux qui souhaiterait installer leur propre kernel et le patcher, suivez le tuto de DrAx sur son (excellent) blog : vmsplice-exploit-fix-and-patching-on-debian [...]

   Pingback by blog ntic de revolunet » upgrade sécurité dedibox — 15 February 2008 #

5. Yes but you weren’t using a stock kernel were you?

   Comment by drax — 16 February 2008 #

6. i dont remember, maybe a special kernel from dedibox.fr

   Comment by juju — 17 February 2008 #

7. now im using 2.6.18-6-686 stock kernel and the kernel is patched

   Comment by juju — 17 February 2008 #

8. Glad to hear that.
   Bare in mind this patch was only a quick fix while waiting for debian and other linux distributions to update their repositories.
   This seems to be the case so people should just update the way they usually do.

   Comment by drax — 19 February 2008 #

Leave a comment