Enable /guard:cf on firefox.exe with clang-cl for protection on system dlls
Categories
(Core :: Security, defect, P1)
Tracking
()
People
(Reporter: tjr, Assigned: tjr)
References
Details
Attachments
(2 files, 8 obsolete files)
3.61 KB,
patch
|
away
:
review+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
3.24 KB,
patch
|
glandium
:
review+
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Assignee | ||
Comment 1•6 years ago
|
||
Assignee | ||
Comment 2•6 years ago
|
||
Assignee | ||
Comment 4•6 years ago
|
||
Assignee | ||
Comment 6•6 years ago
|
||
Assignee | ||
Comment 7•6 years ago
|
||
Comment 10•6 years ago
|
||
Assignee | ||
Comment 11•6 years ago
|
||
Comment 12•6 years ago
|
||
Comment 13•6 years ago
|
||
Comment 14•6 years ago
|
||
Comment 15•6 years ago
|
||
Assignee | ||
Comment 16•6 years ago
|
||
Comment 17•6 years ago
|
||
Assignee | ||
Comment 18•6 years ago
|
||
Assignee | ||
Comment 19•6 years ago
|
||
Assignee | ||
Comment 20•6 years ago
|
||
Comment 21•6 years ago
|
||
Comment 22•6 years ago
|
||
Assignee | ||
Comment 23•6 years ago
|
||
Comment 24•6 years ago
|
||
Comment 25•6 years ago
|
||
Comment 26•6 years ago
|
||
Assignee | ||
Comment 27•6 years ago
|
||
Comment 28•6 years ago
|
||
Assignee | ||
Comment 29•6 years ago
|
||
Comment 31•6 years ago
|
||
Assignee | ||
Comment 32•6 years ago
|
||
Comment 33•6 years ago
|
||
Comment 34•6 years ago
|
||
Assignee | ||
Comment 35•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Comment 36•6 years ago
|
||
Comment 37•6 years ago
|
||
Assignee | ||
Comment 38•6 years ago
|
||
Comment 39•6 years ago
|
||
Comment 40•6 years ago
|
||
bugherder |
Comment 41•6 years ago
|
||
Assignee | ||
Comment 42•6 years ago
|
||
Comment 43•6 years ago
|
||
Assignee | ||
Comment 44•6 years ago
|
||
(In reply to David Major [:dmajor] from comment #43)
To avoid re-causing bug 1515702 I think we should disallow CFG with
compilers before clang 8.
Added
::: build/moz.configure/toolchain.configure
@@ +1673,5 @@+# This function is a bit confusing. It adds or removes hardening flags in
+# three stuations: if --enable-hardening is passed; if --disable-hardening
+# is passed, and if no flag is passed.
+#
+# At time of this comment writing, all flags are actually added in theI'm not so sure about this comment block: we have a ton of features that
have equivalent behavior in the --enable case and the not-specified case; so
in that sense hardening flags aren't particularly special. But if you think
it helps clarify things, OK.
I've had two or three non-build people confused about this recently, so I think it has value.
@@ +1731,1 @@
# If ASAN _is_ on, undefine FOTIFY_SOURCE just to be safe
Not required, but if you end up making a change to this diff, might want to
fix that FOTIFY typo while you're there.
Fixed.
Assignee | ||
Comment 45•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Assignee | ||
Comment 46•6 years ago
|
||
Assignee | ||
Comment 47•6 years ago
|
||
Comment 48•6 years ago
|
||
Comment 49•6 years ago
|
||
Assignee | ||
Comment 50•6 years ago
|
||
Updated•6 years ago
|
Assignee | ||
Comment 51•6 years ago
|
||
Confirmed a clang-7 doesn't add the flags but a clang-8 does.
Comment 52•6 years ago
|
||
bugherder landing |
https://hg.mozilla.org/integration/mozilla-inbound/rev/c95ac72ccc07
https://hg.mozilla.org/integration/mozilla-inbound/rev/30a8448f1d27
Comment 53•6 years ago
|
||
[Tracking Requested - why for this release]:
potential sec improvement for uplift to 66
Comment 54•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/c95ac72ccc07
https://hg.mozilla.org/mozilla-central/rev/30a8448f1d27
Comment 55•6 years ago
|
||
Would you like to request uplift to beta? Thanks!
Comment 56•6 years ago
|
||
Changing the priority to p1 as the bug is tracked by a release manager for the current beta.
See How Do You Triage for more information
Assignee | ||
Comment 57•6 years ago
|
||
So I put this into -beta and see at least two consistent crashers... I wonder if these are known issues...
Assignee | ||
Comment 58•6 years ago
•
|
||
Comment on attachment 9039188 [details] [diff] [review]
Bug 1485016 - Enable CFG for Windows builds r?dmajor
Beta/Release Uplift Approval Request
Feature/Bug causing the regression
None
User impact if declined
We'd like to land this small security improvement in 66
Is this code covered by automated tests?
Yes
Has the fix been verified in Nightly?
Yes
Needs manual test from QE?
No
If yes, steps to reproduce
List of other uplifts needed
Bug 1485016 (before this one), Bug 1485016 (after this one)
Risk to taking this patch
High
Why is the change risky/not risky? (and alternatives if risky)
We're enabling a Windows compiler mitigation that has the potential for unexpected behavior. We would need to observe crashes on Beta and see if we detect anything unusual; and back it out if so.
String changes made/needed
Assignee | ||
Updated•6 years ago
|
Assignee | ||
Comment 59•6 years ago
|
||
Fixed try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=01b08e7e740730893823a046c74311c79167deff
Should be good now.
Comment 60•6 years ago
|
||
Make sure to include the arm64 piece from bug 1525588 if this gets uplifted.
Comment 61•6 years ago
|
||
Comment 62•6 years ago
|
||
bugherder uplift |
Updated•6 years ago
|
Description
•