Re: SSP for Debian unstable. was Re: security enhanced debian branch?
On Sun, Jan 04, 2004 at 10:31:40PM +1100, Russell Coker wrote:
> I've just started testing this. The first thing I noticed is that every SSP
> program you compiled wants to read /dev/urandom. Is this the only way to
> compile such programs? Can SSP provide benefits even when /dev/urandom is
> unavailable?
Yes this is currently required.
The code places canaries in appropriate places around the areas it is
attempting to protect. These canary values are set up when the binary
is executed via /dev/urandom.
If they were fixed it would become possible to overwrite them with
their "expected" values and defeat the protection. By using
/dev/urandom this is made much more difficult.
> Currently the SE Linux policy prevents most domains from accessing
> /dev/*random ...
This surprises me. Surely it's a good idea for programs to use real
random sources rather than having potentially predictable random number
generators seeded with srand(now) for example?
Unless you're concerned with a depleted entropy pool I see no obvious
reason why this should be denied. However I'd be happy to listen to
your reasoning.
Steve
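An added illustration, not code from this thread or from the SSP patch itself, of the scheme Steve describes: a guard value read from /dev/urandom at start-up, placed between a local buffer and the saved return address in a modelled frame, and compared on exit. The frame layout, the function names and the `frame_write` model are constructed for the example; the point it makes is why the check depends on the guard being unpredictable and why a failed read of /dev/urandom leaves the program without one.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Process-wide guard, chosen once at start-up as SSP does by reading
 * /dev/urandom. 0 means "not initialised". */
static uintptr_t g_canary = 0;

/* Read the guard from /dev/urandom: 0 on success, -1 if the device cannot be
 * opened or fully read (e.g. a MAC policy denies it); then no guard exists. */
int init_canary(void)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, &g_canary, sizeof g_canary);
    close(fd);
    return n == (ssize_t)sizeof g_canary ? 0 : -1;
}

/* Modelled frame (constructed, not a real compiler layout): the guard sits
 * between the local buffer and the saved return address, so a linear overrun
 * of buf that reaches the return address has to cross it. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_return;   /* stand-in for the saved return address */
};

/* Model a write of n bytes from buf (the first member) that ignores the
 * buffer size; clipped to the frame so the model itself stays in bounds. */
void frame_write(struct frame *f, size_t n) { memset(f, 'A', n > sizeof *f ? sizeof *f : n); }

/* Epilogue check: 1 if the guard is intact, 0 if overwritten. A fixed guard
 * could be rewritten with its known value and pass; a value read from
 * /dev/urandom at each execution is what makes that hard. */
int frame_intact(const struct frame *f) { return f->canary == g_canary; }

/* Scenario: a write within buf passes the check, an overrun past it fails. */
int canary_check_demo(void)
{
    struct frame f = {{0}, 0, 0x1234};   /* 0x1234 is a placeholder value */
    f.canary = g_canary;                 /* prologue: copy guard into frame */
    frame_write(&f, sizeof f.buf);
    int bounded_ok = frame_intact(&f);
    frame_write(&f, sizeof f.buf + sizeof f.canary);
    return bounded_ok && !frame_intact(&f);
}
```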