Enable fstack-protector-strong on js/

RESOLVED FIXED in Firefox 65

Status

()

enhancement
P3
normal
RESOLVED FIXED
2 years ago
2 months ago

People

(Reporter: tjr, Assigned: gcp)

Tracking

(Blocks 1 bug, {sec-want})

Trunk
mozilla65
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox65 fixed)

Details

(Whiteboard: [sg:want][adv-main65-])

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

2 years ago
Created as a clone of https://bugzilla.mozilla.org/show_bug.cgi?id=620058 which contains more context.
(Reporter)

Updated

2 years ago
Depends on: 1359908
(Reporter)

Updated

2 years ago
Depends on: 1359912
(Reporter)

Updated

2 years ago
Depends on: 1359914
(Reporter)

Updated

2 years ago
Depends on: 1359915
(Reporter)

Updated

2 years ago
Depends on: 1359918
(Reporter)

Updated

2 years ago
Depends on: 1359920
(Reporter)

Updated

2 years ago
Depends on: 1359926
(Reporter)

Updated

2 years ago
Depends on: 1359928
For context, right now |js/| has |-fno-stack-protector| https://dxr.mozilla.org/mozilla-central/source/js/src/old-configure.in#562

This dates back to https://hg.mozilla.org/mozilla-central/rev/663a3afb238e. A first task for this issue would be to validate if there are still issues if that commit is reverted.
(Reporter)

Updated

2 years ago
Depends on: 1360299
(Reporter)

Updated

2 years ago
Depends on: 1360300
(Reporter)

Updated

2 years ago
Depends on: 1360301
(Reporter)

Updated

2 years ago
No longer depends on: 1359918
(Reporter)

Updated

2 years ago
No longer depends on: 1360301
(Reporter)

Updated

2 years ago
No longer depends on: 1360300
(Reporter)

Updated

2 years ago
No longer depends on: 1360299
(Reporter)

Updated

2 years ago
No longer depends on: 1359912
(Reporter)

Updated

2 years ago
No longer depends on: 1359908, 1359915, 1359920, 1359926, 1359928, 671426, 1359914
Priority: -- → P3
(Assignee)

Updated

7 months ago
Assignee: nobody → gpascutto
(Assignee)

Comment 2

7 months ago
This was disabled in https://hg.mozilla.org/mozilla-central/rev/663a3afb238e

I'm going to do a full try push with it reverted, and see what our status is.
(Assignee)

Comment 3

7 months ago
Looking at the current configure code, it does seem that this is currently only disabled on Mac, i.e. that we are already using stack protector strong on all other targets: https://searchfox.org/mozilla-central/rev/b096dcf0ea226af628fe03f7e7acb56a25853533/js/src/old-configure.in#575
(Assignee)

Comment 6

6 months ago
Enable hardening on macOS, enable fstack-protector-strong on js/.
(Assignee)

Updated

6 months ago
Attachment #9024044 - Attachment is obsolete: true

Comment 10

6 months ago
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cceb6f9235a1
Enable fstack-protector-strong on js/. r=glandium

Comment 11

6 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/cceb6f9235a1
Status: NEW → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Whiteboard: [sg:want] → [sg:want][adv-main65-]
(Assignee)

Comment 12

2 months ago

Bug 1533133 suggests that due to the js_flags logic this wasn't enough to enable it.

You need to log in before you can comment on or make changes to this bug.