    My first thought was static linking, which the authors mention; but then my next thought was build systems like Nix where every binary is hard-coded to its particular dependencies. Is the sharing on a NixOS system still sufficient to merit not statically linking (given the arguments in this paper)?

    I appreciate that this is a separate issue to the interpreter hardening.

      Related to the Google initiative to get a custom libc in LLVM? https://lobste.rs/s/xyq2pl/libc_llvm