瀏覽代碼

Added the fix for the linux kernel security vulnerability into the build instructions - Thanks Matt for catching this one

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@4469 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Jeremy Utley 20 年之前
父節點
當前提交
1d609dcea7
共有 2 個文件被更改,包括 13 次插入5 次删除
  1. 7 0
      chapter03/patches.xml
  2. 6 5
      chapter08/kernel.xml

+ 7 - 0
chapter03/patches.xml

@@ -107,6 +107,13 @@ following:</para>
 </listitem>
 </varlistentry>
 
+<varlistentry>
+<term>Linux 2.6.10 Security Vulnerability Patch - 1 KB:</term>
+<listitem>
+<para><ulink url="&patches-root;linux-&linux-version;-security_fix-1.patch"/></para>
+</listitem>
+</varlistentry>
+
 <varlistentry>
 <term>Man 80-Columns Patch - 1 KB:</term>
 <listitem>

+ 6 - 5
chapter08/kernel.xml

@@ -23,14 +23,15 @@
 <sect2 role="installation">
 <title>Installation of the kernel</title>
 
-<para>Prepare for compilation by running the following command:</para>
+<para>Kernel version 2.6.10 has a security vulnerability that will allow user
+processes to gain root privledges upon loading of a kernel module.  See:
+<ulink url="http://www.uwsg.iu.edu/hypermail/linux/kernel/0412.3/0679.html"/> for more information.  The following patch fixes this problem:</para>
 
-<screen><userinput>make mrproper</userinput></screen>
+<screen><userinput>patch -Np1 -i ../linux-&linux-version;-security_fix-1.patch</userinput></screen>
 
-<para>Also, ensure that the kernel does not attempt to pass hotplugging events
-to userspace until userspace specifies that it is ready:</para>
+<para>Prepare for compilation by running the following command:</para>
 
-<screen><userinput>sed -i 's@/sbin/hotplug@/bin/true@' kernel/kmod.c</userinput></screen>
+<screen><userinput>make mrproper</userinput></screen>
 
 <para>If, in <xref linkend="ch-scripts-console"/>, you decided you want
 to compile the keymap into the kernel, issue the command below:</para>