Re: SSP for Debian unstable. was Re: security enhanced debian branch?
On Sun, Jan 04, 2004 at 11:04:16PM +1100, Russell Coker wrote:
> Depleted entropy is a concern. Also with SE Linux everything is disabled by
> default and you have to enable the operations that are desired.
But surely depleted entropy is only a concern for /dev/random, not
/dev/urandom? AFAIK, the latter uses a PRNG, which outputs arbitrary
amounts of pseudo-random data.
> OK. So I guess that programs which aren't important for security should
> be compiled without SSP then.
Define "not important for security". ;-)
Honestly, I can't see a reason not to allow every program to use
/dev/_u_random. SE Linux's default policy of disallowing everything by
default is a Good Thing, but cannot be an argument against enabling
something that would greatly improve overall system security.
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯