Closed Bug 1359912 Opened 3 years ago Closed 3 years ago

Add -Wl,-z,relro linker flags

Categories

(Core :: Security, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: tjr, Assigned: glandium)

References

(Blocks 2 open bugs)

Details

(Keywords: sec-want, Whiteboard: [sg:want][adv-main56-])

Attachments

(1 file)

This bug was created as a clone Bug 620058 which contains more context.
Depends on: 1384314
Assignee: nobody → mh+mozilla
Comment on attachment 8890094 [details]
Bug 1359912 - Add -z relro linker flags.

https://reviewboard.mozilla.org/r/161168/#review166552

Yay for minor security wins!

But the Try push is on fire, so no r+.

Also, do you need to announce this when it lands because it could introduce new classes of crashes due to a segfault accessing a (now) read-only segment? Will the crash signature make this obvious?
Attachment #8890094 - Flags: review?(gps) → review-
Comment on attachment 8890094 [details]
Bug 1359912 - Add -z relro linker flags.

https://reviewboard.mozilla.org/r/161168/#review166600

This patch didn't change. But I trust you and enough eyes are on other code related to this that I feel comfortable giving this my stamp of approval.
Attachment #8890094 - Flags: review?(gps) → review+
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/adb09e2d7a30
Add -z relro linker flags. r=gps
Backout by kwierso@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/ab2472a1042b
Backed out changeset adb09e2d7a30 for breaking linux noopt debug builds a=backout
Depends on: 1385117
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/465b7a02cb33
Add -z relro linker flags. r=gps
Blocks: 1359918
https://hg.mozilla.org/mozilla-central/rev/465b7a02cb33
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Flags: needinfo?(mh+mozilla)
Whiteboard: [sg:want] → [sg:want][adv-main56-]
You need to log in before you can comment on or make changes to this bug.