© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Strong requires 4.9, I believe.
Stack canaries should be random on startup (and per process), so as long as there's significant entropy, this shouldn't be a big issue, no? I know that there are fundamental issues with them, but I don't think my canary should be the same as someone else's just because we use the same OS.
Ubuntu has never cited compatibility, only performance, as the reason they don't enable it. I can't think of any programs on a default install that should have problems with PIE. Compatibility issues will come from things like fixed addresses or interop with other programs, potentially.
Sudo is not necessarily representative, but keep in mind that:
1) It's one example
2) Performance impact is *only* on product startup/ linking, not on runtime performance.
and keep in mind that with ASLR it's often an all-or-nothing game. A flawed implementation is nearly as bad as no implementation.
I can try to do benchmarks on RELRO performance, as well as PIE (AFAIK it's a slight increase in binary size, and that's it). This will take time, I'm finishing up my last week of work and headed back to school right after.
Thanks for enabling in Files. I would certainly recommend prioritizing anything networked, of course, though, as I said, local attack surface (even for unprivileged processes) is valuable. But gotta start somewhere.
Thank *you* for taking this seriously.
Also, as I work on my apparmor program I'll probably end up debugging this dnscrypt issue. If you do have any information on it, I'd appreciate saving time on it, but otherwise I will get around to it.