aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Utley <jeremy@linuxfromscratch.org>2004-12-31 06:29:29 +0000
committerJeremy Utley <jeremy@linuxfromscratch.org>2004-12-31 06:29:29 +0000
commit1d609dcea74f89e44ee39b4b1acdfef0e43ae652 (patch)
treeca0971c0c2c77e96586aedc8d645aba944e76fc8
parentb17cfc8ce96a90e06aececdc2eaa7ce1f20b0704 (diff)
Added the fix for the linux kernel security vulnerability into the build instructions - Thanks Matt for catching this one
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@4469 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
-rw-r--r--chapter03/patches.xml7
-rw-r--r--chapter08/kernel.xml11
2 files changed, 13 insertions, 5 deletions
diff --git a/chapter03/patches.xml b/chapter03/patches.xml
index 7875036f2..bd07b2ec8 100644
--- a/chapter03/patches.xml
+++ b/chapter03/patches.xml
@@ -108,6 +108,13 @@ following:</para>
</varlistentry>
<varlistentry>
+<term>Linux 2.6.10 Security Vulnerability Patch - 1 KB:</term>
+<listitem>
+<para><ulink url="&patches-root;linux-&linux-version;-security_fix-1.patch"/></para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
<term>Man 80-Columns Patch - 1 KB:</term>
<listitem>
<para><ulink url="&patches-root;man-&man-version;-80cols-1.patch"/></para>
diff --git a/chapter08/kernel.xml b/chapter08/kernel.xml
index 1d41e21b7..01bac036b 100644
--- a/chapter08/kernel.xml
+++ b/chapter08/kernel.xml
@@ -23,14 +23,15 @@
<sect2 role="installation">
<title>Installation of the kernel</title>
-<para>Prepare for compilation by running the following command:</para>
+<para>Kernel version 2.6.10 has a security vulnerability that will allow user
+processes to gain root privledges upon loading of a kernel module. See:
+<ulink url="http://www.uwsg.iu.edu/hypermail/linux/kernel/0412.3/0679.html"/> for more information. The following patch fixes this problem:</para>
-<screen><userinput>make mrproper</userinput></screen>
+<screen><userinput>patch -Np1 -i ../linux-&linux-version;-security_fix-1.patch</userinput></screen>
-<para>Also, ensure that the kernel does not attempt to pass hotplugging events
-to userspace until userspace specifies that it is ready:</para>
+<para>Prepare for compilation by running the following command:</para>
-<screen><userinput>sed -i 's@/sbin/hotplug@/bin/true@' kernel/kmod.c</userinput></screen>
+<screen><userinput>make mrproper</userinput></screen>
<para>If, in <xref linkend="ch-scripts-console"/>, you decided you want
to compile the keymap into the kernel, issue the command below:</para>