Closed
Bug 405523
Opened 17 years ago
Closed 17 years ago
Add dynamicbase flag (build with ASLR when available)
Categories
(Firefox Build System :: General, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ws, Assigned: ted)
References
(Blocks 1 open bug)
Details
(Whiteboard: [sg:want?])
Attachments
(1 file, 1 obsolete file)
|
4.80 KB,
patch
|
benjamin
:
review+
|
Details | Diff | Splinter Review |
Investigate linking with /dynamicbase (ASLR in Vista.)
|
||
Comment 1•17 years ago
|
||
As noted in the other bug, /dynamicbase isn't supported by MSVC8, only MSVC8SP1, and isn't documented on MSDN (only noted in a couple of security blogs)... this makes me nervous, and it's also pretty complex to write a configure test for.
http://blogs.msdn.com/michael_howard/archive/2006/10/04/Alleged-Bugs-in-Windows-Vista_1920_s-ASLR-Implementation.aspx
it is documented:
http://msdn2.microsoft.com/en-us/library/bb384887.aspx
Product: Firefox → Core
QA Contact: build.config → build-config
Version: unspecified → Trunk
|
||
Comment 3•17 years ago
|
||
Does the ref platform use SP1 now? Is that risky or can we get this? I'm more than ok with bumping requirements to MSVC8 SP1 if it gets us better mitigation against attacks. This seems like a solid win for minimal effort.
OS: Mac OS X → Windows Vista
|
Assignee | |
Comment 4•17 years ago
|
||
The refplatform uses SP1. Should be easy to turn this on if you want it.
|
|
||
Comment 5•17 years ago
|
||
I don't want to turn this on without a configure check so that we don't break builders with plain VC8 or VC71
|
||
Updated•17 years ago
|
Summary: add dynamicbase flag → Add dynamicbase flag (build with ASLR when available)
Whiteboard: [sg:want?]
|
|
Assignee | |
Comment 6•17 years ago
|
||
This WFM, although I didn't do a full build with it, I just re-built spidermonkey and verified it linked properly.
Assignee: nobody → ted.mielczarek
Status: NEW → ASSIGNED
Attachment #306914 -
Flags: review?(benjamin)
|
|
Assignee | |
Comment 7•17 years ago
|
||
Comment on attachment 306914 [details] [diff] [review]
use dynamicbase on vc8sp1 or newer
Oops, VC8 only differs from SP1 in the fourth version component. New patch in a bit.
Attachment #306914 -
Attachment is obsolete: true
Attachment #306914 -
Flags: review?(benjamin)
|
|
Assignee | |
Comment 8•17 years ago
|
||
Right, this should not fail on plain VC8.
Attachment #306926 -
Flags: review?(benjamin)
|
||
Updated•17 years ago
|
Flags: blocking1.9+
Priority: -- → P1
|
|
Assignee | |
Comment 9•17 years ago
|
||
Here's a build with this patch if anyone wants to do some testing on Vista:
https://build.mozilla.org/tryserver-builds/2008-03-04_02:44-tmielczarek@mozilla.com-dynamicbase/tmielczarek@mozilla.com-dynamicbase-firefox-try-win32.zip
https://build.mozilla.org/tryserver-builds/2008-03-04_02:44-tmielczarek@mozilla.com-dynamicbase/tmielczarek@mozilla.com-dynamicbase-firefox-try-win32.installer.exe
|
|
||
Updated•17 years ago
|
Attachment #306926 -
Flags: review?(benjamin) → review+
|
|
Assignee | |
Comment 10•17 years ago
|
||
Checked in. Someone should test this to make sure it doesn't cause any bustage on Vista. Guess we'll find out in tomorrow's nightlies!
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Comment 11•17 years ago
|
||
Ted:
1) With this enabled, did the nightlies pass all tests ok?
2) Is there anything beyond your landed "configure.in" changes that we need in release automation to ship with this?
|
|
Assignee | |
Comment 12•17 years ago
|
||
John:
1) I haven't seen any evidence otherwise (Talos boxes are fine, and I haven't seen any bugs filed yet)
2) Nope, this gets enabled by default if your compiler supports it
|
|
||
Updated•16 years ago
|
Blocks: exploit-mitigation
|
||
Updated•7 years ago
|
Product: Core → Firefox Build System
You need to log in
before you can comment on or make changes to this bug.
Description
•