[Nix-dev] Hardened NixOS
Vladimír Čunát
vcunat at gmail.com
Sat Nov 23 09:30:36 CET 2013
On 11/19/2013 03:27 AM, phreedom at yandex.ru wrote:
> Centralized building and security are often at odds. Say, certain grsecurity
> kernel features only make sense if you are running a unique, randomized build.
> Probably if you dig deep enough you'll find some features in gcc which
> introduce similar trade-offs.
IIRC the randomization is always done at runtime, e.g. when loading the
binary. I do think distros use such features with equal binaries.
Vlada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3251 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20131123/a562d425/attachment.bin
More information about the nix-dev
mailing list