Comment by kyboren
21 hours ago
I'm not going to say that's a good idea, but I've long had an idea along similar lines that a source-only distribution that generates a bespoke calling convention, stack frame layout, syscall number mapping, etc. for each individual machine at install time would do a lot to mitigate RCE threats.
Gentoo-by-obscurity?
That's exactly how I think of it. Gentoo plus ABI obfuscation.
I'm sure there are issues (particularly around binary blob drivers) but they seem surmountable given enough effort...