[Bug 1946003] Re: hotplug causing cloud-init to spike CPU usage

[Paolo Pettinato]

Thank you @falcojr et al.
Any chances this fix / version will be backported in the "updates" stream of 
older LTS releases?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1946003

Title:
  hotplug causing cloud-init to spike CPU usage

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1946003/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1452115] Re: Python interpreter binary is not compiled as PIE

[Paolo Pettinato]

** Also affects: python3.6 (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1452115

Title:
  Python interpreter binary is not compiled as PIE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1452115/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1452115] Re: Python interpreter binary is not compiled as PIE

[Paolo Pettinato]

I do believe pie is explicitly disabled when building Python 3.6. Using
hardening-check on Ubuntu Bionic (from the devscripts package):

$ hardening-check /usr/bin/python3
/usr/bin/python3:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

Also from debian/rules in
http://archive.ubuntu.com/ubuntu/pool/main/p/python3.6/python3.6_3.6.5-3.debian.tar.xz:

export DEB_BUILD_MAINT_OPTIONS=hardening=-pie

According to http://manpages.ubuntu.com/manpages/bionic/man1/dpkg-
buildflags.1.html this syntax disables pie - it should be "+pie", and is
enabled by default on Bionic:

$ dpkg-buildflags --status
dpkg-buildflags: status: vendor is Ubuntu
dpkg-buildflags: status: future features: lfs=no
dpkg-buildflags: status: hardening features: bindnow=no format=yes fortify=yes 
pie=yes relro=yes stackprotector=yes stackprotectorstrong=yes
dpkg-buildflags: status: qa features: bug=no canary=no
dpkg-buildflags: status: reproducible features: fixdebugpath=yes timeless=yes
dpkg-buildflags: status: sanitize features: address=no leak=no thread=no 
undefined=no
...

with the environment variable set:
$ DEB_BUILD_MAINT_OPTIONS=hardening=-pie dpkg-buildflags --status
dpkg-buildflags: status: environment variable 
DEB_BUILD_MAINT_OPTIONS=hardening=-pie
dpkg-buildflags: status: vendor is Ubuntu
dpkg-buildflags: status: future features: lfs=no
dpkg-buildflags: status: hardening features: bindnow=no format=yes fortify=yes 
pie=no relro=yes stackprotector=yes stackprotectorstrong=yes
dpkg-buildflags: status: qa features: bug=no canary=no
dpkg-buildflags: status: reproducible features: fixdebugpath=yes timeless=yes
dpkg-buildflags: status: sanitize features: address=no leak=no thread=no 
undefined=no
...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1452115

Title:
  Python interpreter binary is not compiled as PIE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1452115/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs