Re: SSP for Debian unstable. was Re: security enhanced debian branch?

[Steve Kemp <skx@debian.org>]

On Sun, Jan 04, 2004 at 10:31:40PM +1100, Russell Coker wrote:

> I've just started testing this.  The first thing I noticed is that every SSP 
> program you compiled wants to read /dev/urandom.  Is this the only way to 
> compile such programs?  Can SSP provide benefits even when /dev/urandom is 
> unavailable?

  Yes this is currently required.

  The code places canaries in appropriate places around the areas it is
 attempting to protect.  These canary values are setup when the binary
 is executed via /dev/urandom.

  If they were fixed it would become possible to overwrite them with
 their "expected" values and defeat the protection.  By using
 /dev/urandom this is made much more difficult.

> Currently the SE Linux policy prevents most domains from accessing
> /dev/*random ...

  This suprises me.  Surely it's a good idea for programs to use real
 random sources rather than having potentially predictable random number
 generators seeded with srand(now) for example?

  Unless you're concerned with a depleted entropy pool I see no obvious
 reason why this should be denied.  However I'd be happy to listen to
 your reasoning.

Steve
--