Comment by dmitrygr
1 day ago
This reasoning is actually why I ran Windows XP 64 bit edition for very very long. Most exploits found that it was XP and tried to do stuff and failed on the 64 bit kernel they did not expect.
1 day ago
This reasoning is actually why I ran Windows XP 64 bit edition for very very long. Most exploits found that it was XP and tried to do stuff and failed on the 64 bit kernel they did not expect.
I'm not going to say that's a good idea, but I've long had an idea along similar lines that a source-only distribution that generates a bespoke calling convention, stack frame layout, syscall number mapping, etc. for each individual machine at install time would do a lot to mitigate RCE threats.
Gentoo-by-obscurity?
That's exactly how I think of it. Gentoo plus ABI obfuscation.
I'm sure there are issues (particularly around binary blob drivers) but they seem surmountable given enough effort...