Re: SSP for Debian unstable. was Re: security enhanced debian branch?
On Sun, Jan 04, 2004 at 10:31:40PM +1100, Russell Coker wrote:
> On Sat, 20 Dec 2003 02:28, Steve Kemp <skx@debian.org> wrote:
> > OK after the positive comments yesterday I've made an SSP compiled
> > version of GCC for unstable available.
>
> I've just started testing this. The first thing I noticed is that every SSP
> program you compiled wants to read /dev/urandom. Is this the only way to
> compile such programs? Can SSP provide benefits even when /dev/urandom is
> unavailable?
>
> Currently the SE Linux policy prevents most domains from accessing
> /dev/*random ...
Why on earth prevent programs from accessing /dev/urandom? I don't see
the point.
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: