Closed Bug 1360301 Opened 3 years ago Closed Last year

Investigate if/why Unix file managers can't start PIE Programs

Categories

(Core :: Security, defect, P3)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1079662

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

This bug was created as a clone of Bug #620058 which has more context.

From https://dxr.mozilla.org/mozilla-central/source/build/autoconf/compiler-opts.m4#253-280:

> # On other Unix systems, some file managers (Nautilus) can't start PIE programs
This appears to still be a real issue:

- https://bugzilla.redhat.com/show_bug.cgi?id=1296858
- https://bugs.freedesktop.org/show_bug.cgi?id=97226

the tl;dr; is that |file| identifies a pie-executable as being a shared library because some of the ELF metadata for pie-executables really is shared library metadata.
Priority: -- → P3
Per the Gnome bug - https://bugzilla.gnome.org/show_bug.cgi?id=737849.  There is some arguments that they don't really want people launching apps from file managers. I think we should just enable PIE and provide some help for how to get it working in file managers that don't work.

A simple possibility is just a script that will generate a desktop file (generate-launcher.sh):
#!/bin/sh
wd=`pwd`

echo "[Desktop Entry]
Encoding=UTF-8
Version=1.0
Terminal=false
Type=Application
Exec=$wd/firefox
Name=Firefox
Icon=$wd/browser/chrome/icons/default/default48.png
Categories=Network;WebBrowser; " > firefox.desktop

chmod u+x firefox.desktop

If this script is included with Linux builds it enables users to create a desktop file they can move around and it will still work (as long as they don't move where firefox is extracted).

The other possibility is to move to something like Snaps for distributing Firefox.
It sounds like we've made the jump to PIE and we can close this out, right?
Flags: needinfo?(mh+mozilla)
Status: NEW → RESOLVED
Closed: Last year
Flags: needinfo?(mh+mozilla)
Resolution: --- → DUPLICATE
Duplicate of bug: 1079662
You need to log in before you can comment on or make changes to this bug.