Re: SSP for Debian unstable. was Re: security enhanced debian branch?

[Russell Coker <russell@coker.com.au>]

On Sun, 4 Jan 2004 22:59, Steve Kemp <skx@debian.org> wrote:
> > way to compile such programs?  Can SSP provide benefits even when
> > /dev/urandom is unavailable?
>
>   Yes this is currently required.
>
>   The code places canaries in appropriate places around the areas it is
>  attempting to protect.  These canary values are setup when the binary
>  is executed via /dev/urandom.
>
>   If they were fixed it would become possible to overwrite them with
>  their "expected" values and defeat the protection.  By using
>  /dev/urandom this is made much more difficult.

OK.  So I guess that programs which aren't important for security should be 
compiled without SSP then.

Is the default of your gcc packages with SSP to enable or disable it?  How do 
I force the other behaviour?

> > Currently the SE Linux policy prevents most domains from accessing
> > /dev/*random ...
>
>   This suprises me.  Surely it's a good idea for programs to use real
>  random sources rather than having potentially predictable random number
>  generators seeded with srand(now) for example?
>
>   Unless you're concerned with a depleted entropy pool I see no obvious
>  reason why this should be denied.  However I'd be happy to listen to
>  your reasoning.

Depleted entropy is a concern.  Also with SE Linux everything is disabled by 
default and you have to enable the operations that are desired.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page