YAMAMOTO Takashi wrote:
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.

where was it proposed?

"what he said." :) also, where is the consensus of the class of programs to protect with USE_FORT taken from? and what's the reason for it?

-e.