Thierry Carrez wrote:

> Restricting ssp to daemons and +s programs is not very
> useful.

Clarifying this:

SSP is very useful, and it should be used on all executables on a given
machine. I don't think we should only use it to protect daemons and SUID
programs, since a lot of buffer overflows are discovered in client
software and they are also a way of remotely compromising a machine. If
you protect only exposed services, attackers will turn to passive
attacks, like virus images, to always exploit the weakest link.

-K

--
gentoo-security@g.o mailing list