build with PIE to gain remaining ASLR support
Bug #507744 reported by
Kees Cook
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| firefox (Ubuntu) |
Fix Released
|
Medium
|
Kees Cook | ||
| firefox-3.5 (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned | ||
| xulrunner-1.9.1 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: xulrunner-1.9.1
The xulrunner stub used to build firefox is still non-relocatable, so a portion of the firefox memory image is predictable. As part of the security team workitems, firefox should be built PIE. There are no performance regressions, as tested by a javascript performance tool:
http://
First two are stock firefox, second two are PIE firefox.
Attaching branches that implement PIE via hardening-wrapper. I attempted to use hardening-includes, but something in the build does not correctly respect CFLAGS, CXXFLAGS, or LDFLAGS defined in the debian/rules file.
Related branches
lp:~kees/xulrunner/xulrunner-1.9.1.head+lp507744
- No reviews requested
- Diff: 0 lines
lp:~kees/firefox/firefox-3.5.head+lp507744
- Micah Gersten (community): Approve
-
Diff: 49 lines (+13/-0)3 files modifieddebian/changelog (+10/-0)
debian/control (+1/-0)
debian/rules (+2/-0)
| Changed in firefox-3.5 (Ubuntu): | |
| status: | New → In Progress |
| importance: | Undecided → Medium |
| Changed in xulrunner-1.9.1 (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Changed in firefox-3.5 (Ubuntu): | |
| assignee: | nobody → Kees Cook (kees) |
| Changed in xulrunner-1.9.1 (Ubuntu): | |
| assignee: | nobody → Kees Cook (kees) |
| affects: | firefox-3.5 (Ubuntu) → firefox (Ubuntu) |
| Changed in firefox (Ubuntu): | |
| status: | In Progress → Fix Released |
| Changed in xulrunner-1.9.1 (Ubuntu): | |
| assignee: | Kees Cook (kees) → nobody |
| status: | In Progress → Fix Committed |
| Changed in firefox-3.5 (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in xulrunner-1.9.1 (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Changed in firefox-3.5 (Ubuntu): | |
| status: | Fix Committed → Won't Fix |
To post a comment you must log in.
This bug was fixed in the package xulrunner-1.9.1 - 1.9.1.8+
---------------
xulrunner-1.9.1 (1.9.1.
* New upstream release v1.9.1.8 (FIREFOX_
- see USN-896-1
[ Kees Cook <email address hidden> ]
* enable PIE build for increased security (LP: #507744)
- update debian/rules
- update debian/control
* fix failure in build due to unrecognized line-end-escapes in Makefile
- add debian/
- update debian/
[ Dmitrijs Ledkovs <email address hidden> ]
* Merge dh_xulrunner fixes from Debian see http://
* Update documentation for dh_xulrunner
- update debian/
-- Micah Gersten <email address hidden> Mon, 15 Feb 2010 10:54:56 -0600