On Thu, 20 Feb 2014 21:41:03 +0100 Nicolas Sebrecht wrote:
> On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote:
>
> > And this point is one of the highest security benefits in real world:
> > one has non-standard binaries, not available in the wild. Most
> > exploits will fail on such binaries even if vulnerability is still
> > there.
>
> While excluding few security issues by compiling less code is possible,
> believing that "non-standard binaries" (in the sense of "compiled for
> with local compilation flags") gives more security is a dangerous dream.

Any decent security setup contains multiple layers of protection. Use of non-standard binaries, algorithms or implementations is just one of them and it is the simplest math to prove that security is _improved_ this way. Nobody says that system became _acceptably_ secure _only_ by using these techniques.

Best regards,
Andrew Savchenko