1 |
On 03/02/12 03:50, Brian Kroth wrote: |
2 |
> Tom Hendrikx <tom@×××××××××.net> 2012-02-02 21:42: |
3 |
>> On 27/01/12 14:37, Anthony G. Basile wrote: |
4 |
>>> Hi everyone, |
5 |
>>> |
6 |
>>> I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They |
7 |
>>> address CVE-2012-0056. I've tested and they do indeed resist the |
8 |
>>> exploit. I will be stabilizing them within 24 hours. However, I feel |
9 |
>>> very uncomfortable doing so because I don't want to trade one set of |
10 |
>>> problems with another. If anyone has time to test, let me know if you |
11 |
>>> encounter any issues. |
12 |
>>> |
13 |
>> |
14 |
>> I am still using 2.6.* sources here on one machine pending resolution of |
15 |
>> bug https://bugs.gentoo.org/show_bug.cgi?id=386721 (if it will ever |
16 |
>> happen :/ ). |
17 |
> |
18 |
> Are those open-vm kernel modules still necessary? It was my |
19 |
> understanding that most/all of the guest modules for more efficient |
20 |
> virtual hardware support were included in the mainline kernel now: |
21 |
> <http://kernelnewbies.org/Linux_2_6_33#head-b1a0ddbc804d228802ce8aebd37d9fd6513ccb01> |
22 |
|
23 |
I did some more investigation. None of the three in-tree |
24 |
open-vm-tools-kmod ebuilds compile against 2.6.32-r89, building a |
25 |
3.2.2-r1 kernel now to test against that. |
26 |
|
27 |
I thought that I needed the -kmod package to run open-vm-tools in the |
28 |
guest, but after some more research this might only apply when you want |
29 |
drag-and-drop support (useless for (headless) server). The open-vm-tools |
30 |
ebuilds list the -kmod package as a hard RDEPEND though. I'll do some |
31 |
tests later today/during the weekend. |
32 |
|
33 |
Tom |