Hacker News new | past | comments | ask | show | jobs | submit login

I think one strong feature is that it gives less for crackers to play with if they exploit the application. The less environment there is that is usable or recognisable, the better. So I am also in favour of stripping things down to the minimum.



Intuitively this seems plausible. In particular, I'm guessing that return-oriented programming is more difficult in a build with fewer libraries. And just having a custom build based on musl libc, as opposed to the omnipresent Debian and Ubuntu images, might throw off some attackers. I'd appreciate input from a real security expert though.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: