Open Bug 1610148 Opened 5 years ago Updated 2 months ago

Add /DEPENDENTLOADFLAG linker flag to configure

Categories

(Firefox Build System :: General, enhancement)

enhancement

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: emk, Assigned: emk)

References

()

Details

Attachments

(1 file)

This will mitigate DLL preload attacks.

Does lld-link support /DEPENDENTLOADFLAG?

See Also: → 1610150

(In reply to Masatoshi Kimura [:emk] from comment #0)

Does lld-link support /DEPENDENTLOADFLAG?

It doesn't :(

90:45.38 lld-link: warning: ignoring unknown argument '-DEPENDENTLOADFLAG:0xA00'

Apparently this option corresponds to IMAGE_LOAD_CONFIG_DIRECTORY.DependentLoadFlags.

We can define _load_config_used to customize the IMAGE_LOAD_CONFIG_DIRECTORY structure.

Severity: normal → S3

(In reply to Masatoshi Kimura [:emk] from comment #0)

This will mitigate DLL preload attacks.

Does lld-link support /DEPENDENTLOADFLAG?

It supports since LLVM 18.

(In reply to nurmukhametov.alex@gmail.com from comment #4)

(In reply to Masatoshi Kimura [:emk] from comment #0)

This will mitigate DLL preload attacks.

Does lld-link support /DEPENDENTLOADFLAG?

It supports since LLVM 18.

Great news!

Depends on: clang-18

We can't add the flag to EXE files unless we fix bug 1733734 or fix bug
1691782 and 1710147.

Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Pushed by VYV03354@nifty.ne.jp:
https://hg.mozilla.org/integration/autoland/rev/95da9894a2b1
Add -DEPENDENTLOADFLAG:0x800 to DLL link flags. r=firefox-build-system-reviewers,glandium

Backed out for causing mass failures

Flags: needinfo?(VYV03354)

Candidates:
js.exe -> mozglue nspr4
pk12util -> nss3 -> mozglue
certutil -> nss3 -> mozglue
mozavcodec -> gkcodecs mozavutil (Fails at LoadLibraryOrCrash)
certutil.exe -> nss3 -> mozglue

Flags: needinfo?(VYV03354)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: