Re: SSP for Debian unstable. was Re: security enhanced debian branch?

To: debian-devel@lists.debian.org
Subject: Re: SSP for Debian unstable. was Re: security enhanced debian branch?
From: Richard Atterer <richard@list04.atterer.net>
Date: Sun, 4 Jan 2004 14:01:52 +0100
Message-id: <[🔎] 20040104130152.GC32523@nenya.lan>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 200401042304.16073.russell@coker.com.au>
References: <200312181128.NAA12752@home.ntrl.net> <[🔎] 200401042231.40765.russell@coker.com.au> <[🔎] 20040104115924.GA8139@steve.org.uk> <[🔎] 200401042304.16073.russell@coker.com.au>

On Sun, Jan 04, 2004 at 11:04:16PM +1100, Russell Coker wrote:
> Depleted entropy is a concern.  Also with SE Linux everything is disabled by 
> default and you have to enable the operations that are desired.

But surely depleted entropy is only a concern for /dev/random, not
/dev/urandom? AFAIK, the latter uses a PRNG, which outputs arbitrary
amounts of pseudo-random data.

> OK.  So I guess that programs which aren't important for security should
> be compiled without SSP then.

Define "not important for security". ;-)

Honestly, I can't see a reason not to allow every program to use 
/dev/_u_random. SE Linux's default policy of disallowing everything by 
default is a Good Thing, but cannot be an argument against enabling 
something that would greatly improve overall system security.

Cheers,

  Richard

-- 
  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

Reply to:

Follow-Ups:
- Re: SSP for Debian unstable. was Re: security enhanced debian branch?
  - From: Andrew Suffield <asuffield@debian.org>
- Re: SSP for Debian unstable. was Re: security enhanced debian branch?
  - From: Jochen Voss <voss@seehuhn.de>
- Re: [debian-devel] Re: SSP for Debian unstable. was Re: security enhanced debian branch?
  - From: Magosányi Árpád <mag@bunuel.tii.matav.hu>

References:
- Re: SSP for Debian unstable. was Re: security enhanced debian branch?
  - From: Russell Coker <russell@coker.com.au>
- Re: SSP for Debian unstable. was Re: security enhanced debian branch?
  - From: Steve Kemp <skx@debian.org>
- Re: SSP for Debian unstable. was Re: security enhanced debian branch?
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: python again (was: Bug#225999: ITP: debsync -- installed packages synchronization tool)
Next by Date: Re: python again
Previous by thread: Re: SSP for Debian unstable. was Re: security enhanced debian branch?
Next by thread: Re: SSP for Debian unstable. was Re: security enhanced debian branch?
Index(es):
- Date
- Thread