YAMAMOTO Takashi wrote:

>> Adjust the system build so that all programs and libraries that are setuid,
>> directly handle network data (including serial comm data), perform
>> authentication, or appear likely to have (or have a history of having)
>> data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
>> with the exception of libc, which cannot use USE_FORT and thus uses
>> only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
>> per-directory or in a system build will disable if desired.
> 
> where was it proposed?

"what he said." :)

also, where is the consensus of the class of programs to protect with
USE_FORT taken from? and what's the reason for it?

-e.