| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
Alan McKinnon: |
| 5 |
> On 20/02/2014 22:41, Nicolas Sebrecht wrote: |
| 6 |
>> On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko |
| 7 |
>> wrote: |
| 8 |
>> |
| 9 |
>>> And this point is one of the highest security benefits in real |
| 10 |
>>> world: one have non-standard binaries, not available in the |
| 11 |
>>> wild. Most exploits will fail on such binaries even if |
| 12 |
>>> vulnerability is still there. |
| 13 |
>> |
| 14 |
>> While excluding few security issues by compiling less code is |
| 15 |
>> possible, believing that "non-standard binaries" (in the sense of |
| 16 |
>> "compiled for with local compilation flags") gives more security |
| 17 |
>> is a dangerous dream. |
| 18 |
>> |
| 19 |
> |
| 20 |
> |
| 21 |
> +1 |
| 22 |
> |
| 23 |
> "non-standard binaries" is really just a special form of security |
| 24 |
> by obscurity. |
| 25 |
|
| 26 |
So you are saying compiling a minimal kernel to minimize exposure to |
| 27 |
subsystem bugs is only obscurity? (I really wonder what Greg would say |
| 28 |
to this) |
| 29 |
|
| 30 |
The argument that this particular setup may be less tested is a valid |
| 31 |
one. But less tested also means less commonly known exploits and |
| 32 |
testing these setups is a win-win for users and upstream. |
| 33 |
|
| 34 |
Whether you like it or not... whenever you install software on a |
| 35 |
server, you become a tester at the same point. |
| 36 |
-----BEGIN PGP SIGNATURE----- |
| 37 |
|
| 38 |
iQEcBAEBCgAGBQJTB19lAAoJEFpvPKfnPDWzxR0H/1sz9v/yvAS/EvdCUgo6MBYW |
| 39 |
0+A1yJPNfDK3eNMtcipcfBLIs2PbxjamtXKI/Ysjbog3oJxrt1cczDlLByGgG2kW |
| 40 |
PM0buUKsId6eLM/X3X9UJ06ZCVIK4JN4Baf9OAaBdJrquwL1Ja7rfzjTbC7vEOWj |
| 41 |
9H0UqHuVL6qgvUvyVodMJWVXjc8Deda5w+Z9bWAbeBncf/pDukOO0JWr/6/wUsNe |
| 42 |
fhdcDqijB+qZ3auHA7YYwpwIYTBIGdlHRUwqm9zVDbSnOQm79FLE/3+dsaAjTqv/ |
| 43 |
NmXvsAmggHb1Q6FpMwZmaXHCtTMN67zWRaE+Oi36p7p7gZK/1DyW8lwgqBsq5/M= |
| 44 |
=ZQID |
| 45 |
-----END PGP SIGNATURE----- |
Archives