[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSP for Debian unstable. was Re: security enhanced debian branch?

On Sun, Jan 04, 2004 at 11:04:16PM +1100, Russell Coker wrote:
> Depleted entropy is a concern.  Also with SE Linux everything is disabled by 
> default and you have to enable the operations that are desired.

But surely depleted entropy is only a concern for /dev/random, not
/dev/urandom? AFAIK, the latter uses a PRNG, which outputs arbitrary
amounts of pseudo-random data.

> OK.  So I guess that programs which aren't important for security should
> be compiled without SSP then.

Define "not important for security". ;-)

Honestly, I can't see a reason not to allow every program to use 
/dev/_u_random. SE Linux's default policy of disallowing everything by 
default is a Good Thing, but cannot be an argument against enabling 
something that would greatly improve overall system security.



  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

Reply to: