
ubuntu-phone team mailing list archive

Re: mapplauncher

On Wed, 2015-07-29 at 11:25 +0300, Alberto Mardegan wrote:

> On 07/29/2015 07:07 AM, Tyler Hicks wrote:
> > This stage is not sufficient since there is no exec() performed
> > here. This removes the possibility of per-process address space
> > layout randomization (ASLR). All processes on the system that were
> > spawned by qml-booster will have the same memory layout, even if
> > the program authors are trying to do the right thing by building
> > with -fPIE.
> 
> Can you elaborate a bit on the risks of not having ASLR? As I
> understand it, since the process is confined, it still won't be able
> to perform any action that a malicious application wouldn't be able to
> do, right?

Yes, assuming that all of our interfaces and security profiles have no
bugs, ASLR doesn't provide additional benefit. But that's not an
assumption that I'm willing to make.

Security is provided by having layers like an onion. ASLR is one of
those layers. Not having it doesn't make things insecure but it does
make things less secure.

Personally, as a user, I wouldn't want it to be an option that app
developers could disable.

Ted
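The layout problem Tyler describes, as an added example that is not part of the thread and not code from mapplauncher or qml-booster: a booster-style parent fork()s several children without exec() and each child reports where its stack, heap and code live. All children report the same addresses, so the per-process randomization that a -fPIE build would normally get on exec() is lost. Assumes Linux; build with `gcc -fPIE -pie`.

```c
/* Added example, not code from the thread or from mapplauncher/qml-booster.
 * A booster that fork()s pre-initialized children without exec() hands
 * every app the parent's memory layout, so per-process ASLR is lost.
 * Linux only; build with: gcc -fPIE -pie */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

struct layout { void *stack; void *heap; void *text; };

/* Record where the stack, heap and code live in the calling process. */
static struct layout sample_layout(void) {
    int local = 0;
    struct layout l = { &local, malloc(16), (void *)sample_layout };
    return l;
}

/* Booster model: fork n children without exec(), have each report its
 * layout through a pipe, and return 1 if all n reports are identical
 * (0 if any differ, -1 on a system-call failure or n < 2). */
int children_share_layout(int n) {
    int fd[2];
    struct layout first = {0}, cur;
    int same = 1;
    if (n < 2 || pipe(fd) != 0) return -1;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) {                      /* child: same image, same layout */
            struct layout l = sample_layout();
            if (write(fd[1], &l, sizeof l) != (ssize_t)sizeof l) _exit(1);
            _exit(0);                        /* no exec(), so nothing is re-randomized */
        }
    }
    close(fd[1]);
    for (int i = 0; i < n; i++) {
        if (read(fd[0], &cur, sizeof cur) != (ssize_t)sizeof cur) { same = -1; break; }
        if (i == 0) first = cur;
        else if (memcmp(&first, &cur, sizeof cur) != 0) same = 0;
    }
    close(fd[0]);
    while (wait(NULL) > 0) {}
    return same;
}

int main(void) {
    int r = children_share_layout(4);
    printf("4 forked children share one layout: %s\n", r == 1 ? "yes" : "no");
    /* Contrast: exec() of this -fPIE binary re-randomizes all three regions
     * on every launch when ASLR (randomize_va_space) is enabled. */
    struct layout l = sample_layout();
    printf("stack %p heap %p text %p\n", l.stack, l.heap, l.text);
    return 0;
}
```

Running the binary several times shows the second line changing on each exec() while the forked children always agree, which is the layer of protection the fork-only booster removes.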
