Subject: Re: CVS commit: src
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <e@murder.org>
List: source-changes
Date: 06/01/2007 20:16:44

YAMAMOTO Takashi wrote:
>> Adjust the system build so that all programs and libraries that are setuid,
>> directly handle network data (including serial comm data), perform
>> authentication, or appear likely to have (or have a history of having)
>> data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
>> with the exception of libc, which cannot use USE_FORT and thus uses
>> only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
>> per-directory or in a system build will disable if desired.
>
> where was it proposed?

"what he said." :)
also, where is the consensus of the class of programs to protect with
USE_FORT taken from? and what's the reason for it?
-e.