[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSP for Debian unstable. was Re: security enhanced debian branch?

On Sun, Jan 04, 2004 at 10:31:40PM +1100, Russell Coker wrote:
> On Sat, 20 Dec 2003 02:28, Steve Kemp <skx@debian.org> wrote:
> >   OK after the positive comments yesterday I've made an SSP compiled
> >  version of GCC for unstable available.
> I've just started testing this.  The first thing I noticed is that every SSP 
> program you compiled wants to read /dev/urandom.  Is this the only way to 
> compile such programs?  Can SSP provide benefits even when /dev/urandom is 
> unavailable?
> Currently the SE Linux policy prevents most domains from accessing
> /dev/*random ...

Why on earth prevent programs from accessing /dev/urandom? I don't see
the point.

Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: