Closed Bug 725941 Opened 12 years ago Closed 6 years ago

Allow to enable a set of hardening flags

Categories

(NSPR :: NSPR, defect)

Product:
NSPR
Component:
NSPR
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: glandium, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 obsolete file) 


        Attachment #595989 -
        Flags: review?(wtc)

    
    

    
  
Is there any progress on this?
Many distributions have hardening flags enabled by default for all packages or just for firefox, e.g. https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/firefox&id=16277db3aa6776d34ce691bd2cc87b76dbfc6336#n94

This is the arch firefox:
$ hardening-check /usr/bin/firefox
/usr/bin/firefox:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

This is firefox-nightly from Mozilla:
$ hardening-check /usr/bin/firefox-nightly 
/usr/bin/firefox-nightly:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!
Assignee: wtc → nobody

        Attachment #595989 -
        Attachment is obsolete: true

        Attachment #595989 -
        Flags: review?(wtc)

    
  
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: