# tuxonice makes gentoo-sources-2.6.23-r8 uncompilable

## magowiz

Hi,

I'm upgrading to gentoo-sources 2.6.23-r8 and I'm trying to apply tuxonice patch to this kernel (like I had on r6) but on compile time I get this error :

```
kernel/power/tuxonice_prepare_image.c:804: error: implicit declaration of function ‘thaw_kernel_threads’ 
```

what should it be?

----------

## RoundsToZero

I think I'm having the same issue.  Did you get patch rejects too?  I did, so I didn't even bother trying to compile.

----------

## magowiz

 *RoundsToZero wrote:*   

> I think I'm having the same issue.  Did you get patch rejects too?  I did, so I didn't even bother trying to compile.

 

I don't get rejects but in one file (I don't remember which) I got a message that says that the patch perhaps is already applied, in that case I choose to NOT apply anyway. Anyway now I switched to tuxonice-sources , and all goes well, also because (I think) the last stable of tuxonice-sources is 2.6.23-r6 that is the same of the last gentoo-sources working with tuxoince patch.

----------

## RoundsToZero

Well the thing is that newer revisions like gentoo-sources-2.6.23-r8 contain the fix for the widely publicized vmsplice vulnerability.  TuxOnIce may patch successfully against an updated vanilla kernel and may eventually be updated to patch successfully against updated gentoo-sources but for something like this, time is of the essence.  In the meantime I've switched to s2disk which is working fine so far.

----------

## Hypnos

Since I'm the only user on this laptop and don't run binaries from untrusted sources, I don't think it's a big deal.

Am I wrong?  If I *am* wrong, it might be worth pestering the tuxonice-sources developer to hurry up and stabilize >= 2.6.23-r8.

----------

## RoundsToZero

The ~arch tuxonice-sources are from January and I don't think the fix was out then.  I'm not sure there's a version that has the fix but if you are the only user, etc., like you said, you should be fine.

----------

## Hu

You should care about the vulnerability if there is any way that a malicious user could execute code of his choosing on your system.  The most obvious way is if some other user had permission to login and run a shell.  However, it could also be exploited if you run some application with a "remote code execution" vulnerability in it.  For example, suppose you run an IRC client with a buffer overflow in it.  An attacker could send you a deliberately malformed IRC message to trigger the overflow, which would then let him run code in the context of the IRC client.  Since the IRC client is on your machine, his injected code could then exploit the vmsplice vulnerability.

All that said, I think you are probably safe.  You should be aware of such exploit chaining, but as far as I know, it is rare for it to happen in the real world.

----------

## Hypnos

Agreed, but my personal data is far more valuable than anything root has access to   :Smile: 

----------

