On Thu, 23 Jul 2020, charlie derr wrote:
> On 7/23/20 9:49 AM, Michael De Roover wrote:
[...]
> > For this to work at all though, they'd have to provide all packages
> > simply as source code (why not use the distribution's own source
> > repositories?) and compile it on the target.
[...]
> While it would still *technically* be security by obscurity, it would
> seem to me that there's some value to this approach because access to
> the compiled binary wouldn't necessarily be easy to obtain (especially
> if the sysadmin provisioning the system takes extra efforts to *not*
> share it with anyone).  Or am I missing something?

They actually run a very large build farm in AWS, and they claim that all binaries are made just for you. Basically you change your distro's package repositories to theirs. Preventing people from examining the binaries in order to craft working memory exploits which work across a large installed base is exactly what they're aiming to prevent.

Disclosure: I've heckled their CTO in a friendly fashion for making better idiots, but I paid for my own Old Fashioned.

--

Fred Morris

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.