app is not hardened in any way

RESOLVED WORKSFORME

Status

defect
RESOLVED WORKSFORME
4 years ago
9 months ago

People

(Reporter: frazzledjazz, Unassigned)

Tracking

38 Branch

Firefox Tracking Flags

(Not tracked)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.0
Build ID: 20150811213123

Steps to reproduce:

Launch Firefox or one of its derivative projects


Actual results:

Checking security scripts under Linux indicate the application is NOT hardened in ANY way. This makes the application vulnerable in ways I cannot even begin to demonstrate.


Expected results:

This application should have more than the basic protections enabled. If you wrote the code correctly, it should be a matter of changing the makefile options. If not, you have some serious work to be done. Stack protections, range-checks, RELRO, PIE, NX bit, the list goes on. Security check indicates that none or minimal options are used.
Group: firefox-core-security
Component: Untriaged → Build Config
frazzled, could you please be more specific? Please list the tools you're using and the warnings/output that they list. As filed this bug is almost too generic to be useful.
Flags: needinfo?(frazzledjazz)
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 620058
You need info but now it's a duplicate? Do you need the info or not?
check-security script (Python) output reveals that the application is not using or barely using any hardening options.

hmmm....
 firefox   4867 Full RELRO        Canary found           NX enabled    PIE enabled   
I guess it's been fixed. Might want to push the update to Linux distros (checked on Fedora 22) and notify the GNU team for IceCat about this. Older releases do not match this and are less hardened.
Flags: needinfo?(frazzledjazz)
Resolution: DUPLICATE → WORKSFORME
Component: Build Config → General
Product: Firefox → Firefox Build System