Closed
Bug 1359905
Opened 8 years ago
Closed 6 years ago
Enable fstack-protector-strong on js/
Categories
(Core :: Security, enhancement, P3)
Core
Security
Tracking
()
RESOLVED
FIXED
mozilla65
| Tracking | Status | |
|---|---|---|
| firefox65 | --- | fixed |
People
(Reporter: tjr, Assigned: gcp)
References
(Blocks 1 open bug)
Details
(Keywords: sec-want, Whiteboard: [sg:want][adv-main65-])
Attachments
(1 file, 1 obsolete file)
Created as a clone of https://bugzilla.mozilla.org/show_bug.cgi?id=620058 which contains more context.
|
||
Comment 1•8 years ago
|
||
For context, right now |js/| has |-fno-stack-protector| https://dxr.mozilla.org/mozilla-central/source/js/src/old-configure.in#562
This dates back to https://hg.mozilla.org/mozilla-central/rev/663a3afb238e. A first task for this issue would be to validate if there are still issues if that commit is reverted.
|
||
Updated•8 years ago
|
No longer blocks: b2gSystemSecurity
|
||
Updated•8 years ago
|
status-firefox57:
affected → ---
|
Reporter | |
Updated•8 years ago
|
|
||
Updated•7 years ago
|
Priority: -- → P3
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → gpascutto
|
|
Assignee | |
Comment 2•6 years ago
|
||
This was disabled in https://hg.mozilla.org/mozilla-central/rev/663a3afb238e
I'm going to do a full try push with it reverted, and see what our status is.
|
|
Assignee | |
Comment 3•6 years ago
|
||
Looking at the current configure code, it does seem that this is currently only disabled on Mac, i.e. that we are already using stack protector strong on all other targets: https://searchfox.org/mozilla-central/rev/b096dcf0ea226af628fe03f7e7acb56a25853533/js/src/old-configure.in#575
| Comment hidden (obsolete) |
|
|
Assignee | |
Comment 5•6 years ago
|
||
|
|
Assignee | |
Comment 6•6 years ago
|
||
Enable hardening on macOS, enable fstack-protector-strong on js/.
|
|
Assignee | |
Comment 7•6 years ago
|
||
|
|
Assignee | |
Updated•6 years ago
|
Attachment #9024044 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 8•6 years ago
|
||
|
|
Assignee | |
Comment 9•6 years ago
|
||
|
||
Comment 10•6 years ago
|
||
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cceb6f9235a1
Enable fstack-protector-strong on js/. r=glandium
|
||
Comment 11•6 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
|
||
Updated•6 years ago
|
Whiteboard: [sg:want] → [sg:want][adv-main65-]
|
|
Assignee | |
Comment 12•6 years ago
|
||
Bug 1533133 suggests that due to the js_flags logic this wasn't enough to enable it.
You need to log in
before you can comment on or make changes to this bug.
Description
•