Not really. (except from the theoretic option to offer separate builds, which feels like overkill, waste of precious time, and possibly confusion)
Yes.Or, is this something that has to be set at compile time?
From what i read: Any app built with DYNAMICBASE:NO is more vulnerable to hacker exploits.When you say that it is "less secure", are you referring to the ability of someone to hack into my computer, or are you referring to the stability of the system somehow?
I vote no.MuTools wrote: Fri May 30, 2025 1:22 pm Now i'm left with a difficult dilemma: Should i choose to build MuLab with a less secure build setting to support a couple of old VST2 plugins?
Has anyone checked to see if a bridge such as patchworks, jbridge, etc., works? If things like that work, there is no need to worry about MuLab.
I vote YES!MuTools wrote: Fri May 30, 2025 1:22 pm Now i'm left with a difficult dilemma: Should i choose to build MuLab with a less secure build setting to support a couple of old VST2 plugins?
I tried with Kush Element and Unify but that didn't work, it still crashed. Possibly because both rely on JUCE AudioPluginHost.audiojunkie wrote: Fri May 30, 2025 4:52 pm Has anyone checked to see if a bridge such as patchworks, jbridge, etc., works? If things like that work, there is no need to worry about MuLab.
I don't disagree with your reasoning at all.EvilDragon wrote: Fri May 30, 2025 6:49 pmI tried with Kush Element and Unify but that didn't work, it still crashed. Possibly because both rely on JUCE AudioPluginHost.audiojunkie wrote: Fri May 30, 2025 4:52 pm Has anyone checked to see if a bridge such as patchworks, jbridge, etc., works? If things like that work, there is no need to worry about MuLab.
But this is the wrong way to look at it. It hampers the user experience having to use these workaround subhosts. I think that should be avoided.
I will conclude by saying that audio plugins are more concerned with performance, rather than security. This is why some older plugins (two which we know, but who knows how many more?) relied on hardcoded memory offsets.
I think it's a mistake not to support these oldies but goldies.
People who want to hack a thing will find a way to hack it regardless of how your build flags are set, Jo.
I'll be running Mulab through WINE on my Linux box anyway, so I'm not worried about security with a plugin. Performance-wise, I would imagine that running through WINE would be a bigger performance hit than this linker option. How slight of an impact on performance are you suggesting?EvilDragon wrote: Fri May 30, 2025 6:57 pm This linker option does not affect stability, but it might have a slight impact on performance. It simply randomizes memory offsets used. Which is bad for programs which expect a certain thing to be at a certain exact memory offset.
Imagine, you load a plugin, it requests 2 MB of RAM. Host gives it to the plugin but since it's built with dynamicbase yes, plugin doesn't get a single contiguous block of memory, it gets memory from all over the address space. Therein lies the problem.
I think historically it was implied and expected that plugins would get a contiguous block of memory, and some plugins absolutely relied on that.
If I call for a memory allocation, I don't just expect it to be contiguous, I demand it. The whole concept of memory address translation by the OS just annoys me to no end. It interferes with my ability to go fast. I long for the days when stupid programming brought down the whole system. You learn proper memory management very quickly!EvilDragon wrote: Fri May 30, 2025 6:57 pm I think historically it was implied and expected that plugins would get a contiguous block of memory, and some plugins absolutely relied on that.
I fully understand your pov.EvilDragon wrote: Fri May 30, 2025 6:45 pm All other hosts are also linking using this option and we don't really hear anyone got hacked through a DAW plugin. I vote YES, build with this option and move on.
I will conclude by saying that audio plugins are more concerned with performance, rather than security. I think it's a mistake not to support these oldies but goldies.
Sure, no security method is 100% safe. That's a golden rule in any type of hardware/software security, in IT and outside IT, eg in securing a home. The thing about security is making it more difficult to break in. That's what security systems are about. That's what Microsoft intended with ASLR. I don't want to ignore that without proper thought, as i feel responsible for the user's system security. But i also fully understand the musical pov: Don't overthink this and compile with DYNAMICBASE:NO in favor of those plugins.People who want to hack a thing will find a way to hack it regardless of how your build flags are set, Jo.
I assume there is some misunderstanding somewhere but when you malloc a ram block, you do get a contiguous ram block. I think that the ASLR may impact the memory layout of global variables and maybe that's where Synth1/PG8X make false assumptions. Just a guess.Imagine, you load a plugin, it requests 2 MB of RAM. Host gives it to the plugin but since it's built with dynamicbase yes, plugin doesn't get a single contiguous block of memory, it gets memory from all over the address space. Therein lies the problem.
I think historically it was implied and expected that plugins would get a contiguous block of memory, and some plugins absolutely relied on that.
audiojunkie wrote: Fri May 30, 2025 7:10 pm I'll be running Mulab through WINE on my Linux box anyway, so I'm not worried about security with a plugin. Performance-wise, I would imagine that running through WINE would be a bigger performance hit than this linker option. How slight of an impact on performance are you suggesting?
Submit: News, Plugins, Hosts & Apps | Advertise @ KVR | Developer Account | About KVR / Contact Us | Privacy Statement
© KVR Audio, Inc. 2000-2026
