Bug 272138 - Stack smashing protection (ssp, ProPolice)
Opened 20 years ago; closed 7 years ago
Categories: Firefox Build System :: General, enhancement
Tracking: (Not tracked)
Status: RESOLVED DUPLICATE of bug 620058
People: (Reporter: ahziem1, Unassigned)
References: (Blocks 1 open bug)
Description

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0

History has shown buffer overflows in web clients are dangerous; however, it is possible to mitigate this risk using stack smashing protection. I suggest making Firefox (and any libraries) compatible with this SSP, so that Firefox compiles and runs properly. Then I suggest Firefox downloads are compiled with SSP enabled.

Reproducible: Didn't try

Steps to Reproduce:
I could not find any information that shows that SSP is enabled or works for Firefox. According to other people's experiences, Firefox does not work with stack protection: http://archives.neohapsis.com/archives/linux/debian/2004-q3/0146.html

Actual Results:
It appears SSP does not work with Firefox.

Expected Results:
Firefox download should have SSP by default.

IBM: GCC extension for protecting applications from stack-smashing attacks
http://www.trl.ibm.com/projects/security/ssp/
Updated•20 years ago
Status: UNCONFIRMED → NEW
Component: General → Build Config
Ever confirmed: true
Comment 2•20 years ago
Earlier versions of Mozilla, Firefox, and Thunderbird had problems with ProPolice on certain OpenBSD platforms. However, OpenBSD now enables ProPolice for the current versions of all these packages. It's possible that it works on Debian now too.
Comment 3•19 years ago
I managed to build Firefox with ProPolice on Mandrake. Firefox seems to run fine, though it was not tested very hard. I did it this way: patched gcc/g++ with the ProPolice patch and installed them in ~/local/bin, set CC=~/local/bin/gcc (and likewise for g++) and built Firefox. The only problem was a hardcoded "gcc" somewhere in crypto, but it was overcome by doing the compile with the local gcc. Then all that was needed was adding a gcc shared library to LD_LIBRARY_PATH. Even easier would be: ln -s ~/local/bin/gcc /usr/bin/gcc && same_for_g++, and then distributing the libgcc*.so in dist/bin. The risk of breaking something is very low IMHO. Why not distribute some ProPolice nightlies and see if users cry?
Comment 4•19 years ago
The patched gcc was configured with --enable-stack-protector, so no need for CFLAGS.
The last time we tried to play with gcc libraries we ran afoul of licensing; that may or may not have changed (it might have been related to problems w/ 296 which were fixed later).
Assignee: firefox → bryner
Comment 6•18 years ago
According to http://gcc.gnu.org/gcc-4.1/changes.html, GCC can now emit code for protecting applications from stack-smashing attacks. The protection is realized by buffer overflow detection and reordering of stack variables to avoid pointer corruption. When building with shared libraries, a gcc library seems to be needed.
Comment 7•18 years ago (Reporter)
Regarding Comment #6, previous versions of GCC could do the same with a patch (mentioned in comment #1), but the trick, from what I understand, is making sure that the application runs correctly with the modification. Since Fedora Core 5 includes both GCC 4.1 (with the stack smashing feature enabled) and Firefox, it will be a good test. However, it would still be good for Mozilla to distribute official binaries (for Windows, Linux, etc.) with the stack smashing protection.
Comment 8•18 years ago
I have successfully built Mozilla with the ProPolice patch and it worked with (almost) no performance penalty. Now mainstream gcc supports some stack protection. Probably 'export CFLAGS=-fstack-protector' followed by 'make build' should be enough.
Comment 9•18 years ago
IIRC Hardened Gentoo, OpenBSD and Adamantix "build world" with the ProPolice patch (not quite sure about Adamantix).
Updated•18 years ago
QA Contact: general → build.config
Updated•18 years ago
Assignee: bryner → nobody
Version: unspecified → Trunk
Comment 10•18 years ago
Building with gcc 4.1 and CFLAGS="-fstack-protector -static-libgcc" CXXFLAGS="-fstack-protector -static-libgcc" (not sure if -static-libgcc is needed) works; the archive works on another distro. Probably making this on winblows is just a matter of compiler/linker switches. What is the problem with distributing such builds?
Comment 11•17 years ago
chofmann, can something be done for this bug? It is a matter of compiler flags and the ROI is good, though not perfect.
Comment 12•17 years ago
pav & vlad, any thoughts?
Updated•15 years ago
Blocks: exploit-mitigation
Comment 13•15 years ago
gcc can do this now, it's true. And perhaps as or more significantly, so can modern MSVC releases: /GS and whatnot. They have been able to for a while. I believe they've spent quite some effort tuning it to be cheap, even.
Comment 14•15 years ago
We do use /GS on Windows, see bug 222471.
Comment 15•15 years ago
Warms my heart to hear, thanks :)
Comment 16•15 years ago
> gcc can do this now
FYI, vanilla gcc has been able to do this for at least several years, and even longer with a patch.
Comment 17•10 years ago
Looks like this can be used on all platforms …
OS: Linux → All
Hardware: x86 → All
Comment 18•10 years ago
Per comment 14 we already have this on Windows.
Comment 19•10 years ago
Yeah, that leaves Linux + OS X.
Comment 20•7 years ago
Bug 620058 added |--enable-hardening| which sets |-fstack-protector-strong|, so I believe this can be closed.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
Component: Build Config → General
Product: Firefox → Firefox Build System