build with PIE to gain remaining ASLR support
Bug #507744 reported by Kees Cook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
firefox (Ubuntu) | Fix Released | Medium | Kees Cook |
firefox-3.5 (Ubuntu) | Won't Fix | Medium | Unassigned |
xulrunner-1.9.1 (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: xulrunner-1.9.1
The xulrunner stub used to build firefox is still non-relocatable, so a portion of the firefox memory image is predictable. As part of the security team workitems, firefox should be built PIE. There are no performance regressions, as tested by a javascript performance tool:
http://
First two are stock firefox, second two are PIE firefox.
Attaching branches that implement PIE via hardening-wrapper. I attempted to use hardening-includes, but something in the build does not correctly respect CFLAGS, CXXFLAGS, or LDFLAGS defined in the debian/rules file.
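A way to confirm that a rebuilt binary such as the xulrunner stub is actually relocatable, added here as an example (it is not part of the bug report or of the Ubuntu packaging): it reads the same ELF header field that `readelf -h` prints as `Type:`. The function names and the constructed sample header are assumptions made for the illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_INTERP = 3            # program header that names the dynamic loader

def elf_link_kind(data: bytes) -> str:
    """Return 'non-PIE executable', 'PIE executable', 'shared object' or 'other'."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) \
            or data[5] not in (1, 2):
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                        # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"         # EI_DATA: byte order
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    if e_type == ET_EXEC:
        return "non-PIE executable"            # image loads at a fixed address
    if e_type != ET_DYN:
        return "other"
    # ET_DYN covers PIE programs and shared libraries alike. Heuristic: a
    # dynamically linked program has a PT_INTERP segment, a library normally
    # does not (a static PIE would also lack one).
    for i in range(e_phnum):
        p_type, = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return "PIE executable"
    return "shared object"

def sample_elf64(e_type: int, with_interp: bool) -> bytes:
    """Constructed input: little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH",
                              e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = PT_INTERP if with_interp else 1   # 1 = PT_LOAD
    return hdr + struct.pack("<IIQQQQQQ", p_type, 4, 0, 0, 0, 0, 0, 1)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                  # e.g. the built firefox stub
        with open(path, "rb") as f:
            print(path, elf_link_kind(f.read()))
```

Run against the packaged binaries after a build, a result of `non-PIE executable` means the hardening flags did not reach the link step for that file.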
Related branches
lp:~kees/xulrunner/xulrunner-1.9.1.head+lp507744
- No reviews requested
- Diff: 0 lines
lp:~kees/firefox/firefox-3.5.head+lp507744
Merged into lp:firefox/3.5
- Micah Gersten (community): Approve
- Diff: 49 lines (+13/-0), 3 files modified
  - debian/changelog (+10/-0)
  - debian/control (+1/-0)
  - debian/rules (+2/-0)
Changed in firefox-3.5 (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Medium |
Changed in xulrunner-1.9.1 (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in firefox-3.5 (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
Changed in xulrunner-1.9.1 (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
affects: | firefox-3.5 (Ubuntu) → firefox (Ubuntu) |
Changed in firefox (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in xulrunner-1.9.1 (Ubuntu): | |
assignee: | Kees Cook (kees) → nobody |
status: | In Progress → Fix Committed |
Changed in firefox-3.5 (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Fix Committed |
Changed in firefox-3.5 (Ubuntu): | |
status: | Fix Committed → Won't Fix |
This bug was fixed in the package xulrunner-1.9.1 - 1.9.1.8+build1+nobinonly-0ubuntu1
---------------
xulrunner-1.9.1 (1.9.1.8+build1+nobinonly-0ubuntu1) lucid; urgency=low
* New upstream release v1.9.1.8 (FIREFOX_3_5_8_BUILD1)
- see USN-896-1
[ Kees Cook <email address hidden> ]
* enable PIE build for increased security (LP: #507744)
- update debian/rules
- update debian/control
* fix failure in build due to unrecognized line-end-escapes in Makefile
- add debian/patches/fix-build-glitch.patch
- update debian/patches/series
[ Dmitrijs Ledkovs <email address hidden> ]
* Merge dh_xulrunner fixes from Debian see http://bugs.debian.org/567746
* Update documentation for dh_xulrunner
- update debian/dh/dh_xulrunner.in
-- Micah Gersten <email address hidden> Mon, 15 Feb 2010 10:54:56 -0600