From: Nicolas Sebrecht
Date: Thu, 20 Feb 2014 21:41:03 +0100
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?
Message-ID: <20140220204103.GA3381@vidovic.ultras.lan>

On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote:

> And this point is one of the highest security benefits in the real world:
> one has non-standard binaries, not available in the wild. Most
> exploits will fail on such binaries even if the vulnerability is still
> there.

While excluding few security issues by compiling less code is possible,
believing that "non-standard binaries" (in the sense of "compiled for
with local compilation flags") gives more security is a dangerous dream.

-- 
Nicolas Sebrecht