[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSP for Debian unstable. was Re: security enhanced debian branch?

On Sun, Jan 04, 2004 at 11:04:16PM +1100, Russell Coker wrote:

> OK.  So I guess that programs which aren't important for security should be 
> compiled without SSP then.

  I guess so if you do not wish things to be depleted.  Perhaps looking

> Is the default of your gcc packages with SSP to enable or disable it?  How do 
> I force the other behaviour?

  I believe the default is to have it disabled.  I know that I've been
 explicitly enabling it via a wrapper in all my builds.

  The two relevent flags are:


  The test code at the following URL is a quick means of testing this:


> Depleted entropy is a concern.  Also with SE Linux everything is disabled by 
> default and you have to enable the operations that are desired.

  Disabling services etc, and capabilities does seem sensible and is
 best practise - but it seems to me that /dev/u?random is a facility 
 in a different class.


Reply to: