Linux more secure than ever: Secure Windows Boot and PIE
Ubuntu 17.10 is long way off till October, but we are already getting a taste of it due to daily builds. And what's exciting is that the first alpha builds are almost there. We have yet seen a major overhaul where Unity isn't the preferred DE of choice and being replaced by Gnome 3. The X display server has been replaced by Wayland, and everything else looks fresh. But the question comes, what about security? Artful Aardvark has you counting on it as developers are working 24/7 on it, implementing new features like PIE (Post Independent Executables) support and Secure Boot enabled by default for better security.
We had already seen PIE support in openSUSE Tumbleweed a few days back. PIE is a feature that loads executable binaries compiled with PIE support at random memory addresses, disallowing text relocation. PIE support coming for Ubuntu and all its major variants is a good news as all users will now have PIE binaries enabled that will automatically be loaded into random locations within the virtual memory, along with all of their dependencies, each time the respective applications are being executed. This makes Return Oriented Programming (ROP) attacks harder to execute properly.
"PIE is now enabled across all architectures by default in Artful. Targeted rebuilds have been done of packages which would break reverse-build-dependencies due to not being compiled with PIE," says Steve Langasek. "The rest of the archive will now pick up PIE support on i386, armhf, and arm64 over the development cycle with rebuilds."
Another feature worth mentioning that too will be implemented in Artful Aardvark is Netplan.Netplan is Canonical's consolidated YAML network configuration across Ubuntu, in the Ubuntu Cloud images. This will be used as default configurator network while setting up Ubuntu Server afresh via the Debian installer.
As you already got a hint from the topic, Ubuntu will now be packing secure boot chainloading. This is a good news for people who dual boot Windows and Ubuntu as it will make selection of Windows from the GRUB menu a lot easier. Users will also now not be prompted to disable Secure Boot while working on the DKMS module.
Finally, time for the big news. Artful Aardvark will now come with the Python 3.6 series. It will be in the artful proposed repository. There also has been some news that Linux kernel 4.13 that is to be released by midway July, would be the default kernel for Ubuntu 17.10.
Ubuntu always has been the Linux distro of choice for most users, and will continue to be no matter what change they put on. While we wait 17.10 to be released in October, we can be pretty sure we will come across much more changes in Artful Aardvark's daily builds. If you want to try out the daily builds for yourself, you have the links below.
Ubuntu 17.10 (Artful Aardvark) Daily Builds
More from Ask Us Junkies
Wireless LAN Tutorial: Samba
Know your basic waveforms
One step production hacks (Part 2)
No comments: