mingw-clang builds do not have ASLR
Categories
(Firefox Build System :: General: Unsupported Platforms, enhancement, P5)
Tracking
(firefox-esr60 fixed, firefox66 fixed)
People
(Reporter: tjr, Assigned: tjr)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tor])
Attachments
(2 files)
- 5.08 KB, patch (froydnj: review+)
- 4.79 KB, patch (jcristau: approval-mozilla-esr60+)
mingw requires ASLR to be specified manually.
There seem to be two potential issues with this:
1. A problem I don't really know/understand that prevents it being enabled by default
2. An issue with relocations being stripped (as described here): https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
We don't seem to be affected by (2) - I confirmed with Process Explorer that both the x86 and x64 opt builds[0] have ASLR on all modules and spot-checked several with winchecksec which checks for relocations.
I don't think we're affected by (1) either... the problem IIRC is with gcc/binutils and lld merely mirrors the default there.
[0] https://treeherder.mozilla.org/#/jobs?repo=try&revision=18c6aa91dd32be03d9f3f071ab63dcee4283b7b4 for reference
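A header-level version of the check described above (ASLR opt-in flag set and relocations not stripped), as an added example that is not part of the bug, the patch, or winchecksec. The function names and the sample header are constructed for illustration, and the check reads PE header fields only.

```python
import struct

RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
HIGH_ENTROPY_VA = 0x0020   # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
RELOC_DIR = 5              # IMAGE_DIRECTORY_ENTRY_BASERELOC

def aslr_status(pe: bytes) -> dict:
    """Report the PE header fields that decide whether ASLR can take effect."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (characteristics,) = struct.unpack_from("<H", pe, nt + 22)
    opt = nt + 24                                         # optional header start
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    n_off = opt + (108 if magic == 0x20B else 92)         # NumberOfRvaAndSizes
    (n_dirs,) = struct.unpack_from("<I", pe, n_off)
    reloc_size = 0
    if n_dirs > RELOC_DIR:
        _, reloc_size = struct.unpack_from("<II", pe, n_off + 4 + 8 * RELOC_DIR)
    status = {
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_present": reloc_size > 0 and not characteristics & RELOCS_STRIPPED,
    }
    # The opt-in flag alone is not enough: the loader needs relocations to rebase.
    status["aslr_effective"] = status["dynamic_base"] and status["relocs_present"]
    return status

def sample_pe(dll_chars: int, characteristics: int, reloc_size: int) -> bytes:
    """Constructed PE32+ headers only (no sections), just enough to parse."""
    img = bytearray(0x40 + 24 + 240)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x40 + 20, 240, characteristics)
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, 0x20B)
    struct.pack_into("<H", img, opt + 70, dll_chars)
    struct.pack_into("<I", img, opt + 108, 16)
    struct.pack_into("<II", img, opt + 112 + 8 * RELOC_DIR, 0x5000, reloc_size)
    return bytes(img)
```

To check a real build output, pass the file's bytes to `aslr_status`, for example `aslr_status(open(path, "rb").read())`.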
Assignee
Comment 1•5 years ago
Is there a reason that this needs to go under hardening flags, as opposed to just some general location?
Assignee
Comment 3•5 years ago
(In reply to David Major [:dmajor] from comment #2)
> Is there a reason that this needs to go under hardening flags, as opposed to just some general location?
No; it just seemed the most appropriate place. (I figured the fewer things that go in old-configure.in the better; and wasn't sure of a better place in a foo.configure.py)
I'm on the fence so I'll leave it in the queue and see if anyone else has a strong opinion.
Pushed by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/326b73629e37
Enable ASLR for mingw-clang builds. r=froydnj
Comment 6•5 years ago
bugherder
Assignee
Comment 7•5 years ago
[ESR Uplift Approval Request]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: Needed by Tor; brings central and esr60 in sync
User impact if declined: Tor will need to carry another patch
Fix Landed on Version: 66.0a1 / 20190119095933
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): mingw-clang build change only
((Note that this can wait until 60.6 just like Bug 1520310))
Comment 8•5 years ago
Comment on attachment 9038261: Bug 1520308 - Enable ASLR for mingw-clang builds. r=froydnj (esr60)
aslr for mingwclang, approved for 60.5esr build2.
Comment 9•5 years ago
bugherder uplift