Closed Bug 1360301 Opened 7 years ago Closed 6 years ago

Investigate if/why Unix file managers can't start PIE Programs

Categories

(Core :: Security, defect, P3)

RESOLVED DUPLICATE of bug 1079662

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

This bug was created as a clone of Bug #620058 which has more context.

From https://dxr.mozilla.org/mozilla-central/source/build/autoconf/compiler-opts.m4#253-280:

> # On other Unix systems, some file managers (Nautilus) can't start PIE programs

No longer blocks: 1359918

This appears to still be a real issue:

- https://bugzilla.redhat.com/show_bug.cgi?id=1296858
- https://bugs.freedesktop.org/show_bug.cgi?id=97226

The tl;dr is that |file| identifies a pie-executable as being a shared library because some of the ELF metadata for pie-executables really is shared library metadata.
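
The overlap described in the comment above is visible in the ELF header: PIE programs and shared libraries both carry the e_type value ET_DYN. As an added example (not code from this bug, from Mozilla, or from file), the sketch below contrasts a check on e_type alone with one that also looks for a PT_INTERP program header; the function names and sample headers are constructed for illustration, and only ELF64 little-endian input is handled.

```python
import struct

ET_EXEC, ET_DYN = 2, 3      # e_type values from the ELF specification
PT_INTERP = 3               # program header that names the dynamic loader
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 little-endian program header

def classify(data):
    """Return (verdict from e_type alone, verdict that also checks PT_INTERP)."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this example")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if e_phnum and (e_phentsize < PHDR.size
                    or e_phoff + e_phnum * e_phentsize > len(data)):
        raise ValueError("program header table is malformed or truncated")
    has_interp = any(
        PHDR.unpack_from(data, e_phoff + i * e_phentsize)[0] == PT_INTERP
        for i in range(e_phnum))
    if e_type == ET_EXEC:
        return ("executable", "executable")
    if e_type == ET_DYN:
        # PIE programs and shared libraries share this e_type, so a second
        # signal (here: a requested interpreter) is needed to separate them.
        refined = "pie executable" if has_interp else "shared library"
        return ("shared library", refined)
    return ("other", "other")

def sample_elf(e_type, p_types):
    """Constructed sample: an ELF64 header followed by empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(p_types), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, 0, 0, 0, 0, 0, 0, 0) for t in p_types)

if __name__ == "__main__":
    samples = [("non-PIE program", sample_elf(ET_EXEC, [1, PT_INTERP, 2])),
               ("PIE program", sample_elf(ET_DYN, [1, PT_INTERP, 2])),
               ("shared library", sample_elf(ET_DYN, [1, 2]))]
    for name, blob in samples:
        print(f"{name}: e_type only -> {classify(blob)[0]}, "
              f"with PT_INTERP -> {classify(blob)[1]}")
```

PT_INTERP is a heuristic: a shared library that can also be run directly may carry one too.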

Priority: -- → P3

Per the Gnome bug - https://bugzilla.gnome.org/show_bug.cgi?id=737849. There are some arguments that they don't really want people launching apps from file managers. I think we should just enable PIE and provide some help for how to get it working in file managers that don't work.

A simple possibility is just a script that will generate a desktop file (generate-launcher.sh):
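#!/bin/sh
# Write firefox.desktop pointing at the Firefox build in the current directory.
wd=$(pwd)

# Exec is quoted so that an install path containing spaces still launches.
cat > firefox.desktop <<EOF
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Terminal=false
Type=Application
Exec="$wd/firefox"
Name=Firefox
Icon=$wd/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser;
EOF

# Mark the launcher itself as executable.
chmod u+x firefox.desktop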

If this script is included with Linux builds it enables users to create a desktop file they can move around and it will still work (as long as they don't move where firefox is extracted).

The other possibility is to move to something like Snaps for distributing Firefox.

It sounds like we've made the jump to PIE and we can close this out, right?

Flags: needinfo?(mh+mozilla)
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(mh+mozilla)
Resolution: --- → DUPLICATE