performance tests conducted on 7.04, 7.10, 8.04, 8.10rc
Chris Cheney
ccheney at ubuntu.com
Tue Oct 28 18:45:13 GMT 2008
On Tue, 2008-10-28 at 09:27 -0700, Kees Cook wrote:
> Hi,
>
> On Tue, Oct 28, 2008 at 11:02:37AM -0500, Chris Cheney wrote:
> > Since they only tested on i386 this (aiui) could at least be partially
> > explained by the security enhancements made to Ubuntu. I don't know what
> > all has been changed but I believe at least -PIE was added to binaries
> > at some point. There was discussion about this at a UDS and the fact
> > this would cause some slowdown for i386 in particular since it doesn't
> > have enough registers.
>
> Nothing they tested has been built with PIE. We intentionally only
> built a few[1] network services with PIE, so that won't account for it.
>
> There were some compiler defaults[2] changed (e.g. _FORTIFY_SOURCE=2), but
> that's unlikely to make such a difference in their test times. Most of
> the checks are done at compile-time (which could certainly have
> contributed to the compiler slow-down, but I would bet that's mostly
> due to the 4.3 compiler, as mentioned earlier).
>
> -Kees
>
> [1] https://wiki.ubuntu.com/Security/HardeningWrapper#Early%20PIE%20Targets
> [2] https://wiki.ubuntu.com/CompilerFlags
Kees,
Thanks for the detailed explanation and links; I knew it was more
involved than what I can remember.
Chris
More information about the ubuntu-devel
mailing list