-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/18/2017 02:30 PM, John Newman wrote:
Use FreeBSD, build from source ;)
Security regression paradox: What's to prevent whoever might have replaced the binary in the repo - or replaced it in transit to you - from also rigging the source? So you have to audit the source. And the compiler that makes the source useable might have already been compromised, so audit its source and then... oops, compile the audited compiler using a potentially compromised compiler on a potentially compromised OS. This problem is no reason to just give up, but it does transform the security picture from a purely imaginary secure vs. insecure binary state, to an ecosystem of context-dependent compromise solutions. The costs of an "acceptable" security result depend on this question: What it is worth to an adversary to break your security model, vs. how much is preventing compromise of that asset worth to you? If an adversary spends less to successfully attack an asset than they gain by doing so, the adversary wins. If you spend more to successfully defend an asset than that asset is worth to you, you lose. This context provides a rational basis for allocating resources to security, but alas, it rules out absolute values or one size fits all solutions: Who are your potential adversaries, what motivates them, what resources are available to them? Who benefits from your security strategy, and what are they willing / able to pay - in additional work, constraints on their behavior, and cash money - to secure the assets in question? A security model that does not take these factors into accounts is a snake oil security model, regardless of the quality of the tools used. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJYf9tUAAoJEECU6c5Xzmuq4lIIAMmjeyTeLr2kAvlBzbjO9ANq /S33clrbw+kK6UgfgxIMRGuG9mtEF8UPw/aZh0NBLE2498VdG8NNo+ghLqxfzwLe v5OXKeRDHPoOGslB0CP1TciIGSMxPS4v8YXGuM6AbgL0Eb7pE268MtdFt3xmX6ZV z5S0aVWToIqC7CJerjrOPunlvp6EfVWX5heOuBFWSISsYh0eZyH0id5QgJWLTShF awWi8O1BrbvlUEtWWLbnKvB5IWDAAU8/xl6tuuxtozk3ar3hcCNer9KYzjBHvPBx NBiCb9Chg1D0B41g8/VOmQTPQFNaA+mByJ+go4dhMLTYW+HzfMf585aLm6wAxrc= =PvlM -----END PGP SIGNATURE-----