Re: SSP for Debian unstable. was Re: security enhanced debian branch?
On Sun, 4 Jan 2004 22:59, Steve Kemp <skx@debian.org> wrote:
> > way to compile such programs? Can SSP provide benefits even when
> > /dev/urandom is unavailable?
>
> Yes this is currently required.
>
> The code places canaries in appropriate places around the areas it is
> attempting to protect. These canary values are set up when the binary
> is executed via /dev/urandom.
>
> If they were fixed it would become possible to overwrite them with
> their "expected" values and defeat the protection. By using
> /dev/urandom this is made much more difficult.
OK. So I guess that programs which aren't important for security should be
compiled without SSP then.
Is the default of your gcc packages with SSP to enable or disable it? How do
I force the other behaviour?
> > Currently the SE Linux policy prevents most domains from accessing
> > /dev/*random ...
>
> This surprises me. Surely it's a good idea for programs to use real
> random sources rather than having potentially predictable random number
> generators seeded with srand(now) for example?
>
> Unless you're concerned with a depleted entropy pool I see no obvious
> reason why this should be denied. However I'd be happy to listen to
> your reasoning.
Depleted entropy is a concern. Also with SE Linux everything is disabled by
default and you have to enable the operations that are desired.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
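Added example, not code from the thread, from Steve's gcc packages or from gcc's own SSP runtime: a plain C model of the mechanism Steve describes, with a guard read from /dev/urandom at startup, a frame whose canary sits just above the local buffer, and the epilogue comparison. The names init_guard, copy_and_check and struct frame are chosen here, and the 0xDEADBEEF fallback is a constructed placeholder for "any fixed value".

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Process-wide guard, filled once at startup. Real SSP keeps it in libc/TLS;
   this stand-alone toy keeps it in a global so the check is easy to see. */
static uintptr_t guard_value;

/* Seed the guard from /dev/urandom. Returns 1 on success. If the device is
   unavailable (what a restrictive SE Linux policy can cause), fall back to a
   fixed constant and return 0: the binary still runs, but the canary is now
   predictable, which is exactly the weakness Steve describes. */
int init_guard(void)
{
    int fd = open("/dev/urandom", O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, &guard_value, sizeof guard_value);
    if (fd >= 0)
        close(fd);
    if (n != (ssize_t)sizeof guard_value) {
        guard_value = (uintptr_t)0xDEADBEEF; /* constructed placeholder, predictable */
        return 0;
    }
    return 1;
}

/* The frame layout SSP arranges: local buffer first, guard copy directly
   above it, so a linear overflow of buf has to run through the canary. */
struct frame {
    unsigned char buf[16];
    uintptr_t canary;
};

/* Simulate an instrumented function: copy len bytes into the frame with no
   bounds check (the bug), then do the epilogue comparison. Returns 1 if the
   canary is intact, 0 if the copy clobbered it. len is clamped to the frame
   size so the demo itself stays inside the object. */
int copy_and_check(const unsigned char *src, size_t len)
{
    struct frame f;
    if (len > sizeof f)
        len = sizeof f;
    f.canary = guard_value;
    memcpy(&f, src, len);            /* bytes beyond buf land on the canary */
    return f.canary == guard_value;  /* the test __stack_chk_fail relies on */
}
```

With a random guard the second case below is caught; with a fixed one the third case shows why the check alone is not enough.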