Open Bug 512341 Opened 10 years ago Updated 5 years ago

Security Build logic does not allow instrumenting the current code.

Categories

(NSS :: Build, defect)

x86
Linux
defect
Not set

Tracking

(Not tracked)

People

(Reporter: murali, Unassigned)

References

()

Details

Check out the line # 341 in the link below.
http://mxr.mozilla.org/mozilla-central/source/security/coreconf/rules.mk

This does not uptake the LDFLAGS passed from the .mozconfig and so this whole security code in coreconf, nss etc., is not getting instrumented.

We should change the line from 
$(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)

to
$(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
No, absolutely do not put LDFLAGS into the line with MKSHLIB in NSS.
Blocks: 512290
May be I'm selfish and looking only at code coverage view. But I would be really I interested to know the reason for the NO in comment #1

I'm asking this question with pure technical interest and not questioning your judgement. Please indulge my curiosity. 

Rgds
murali
Murali: there are a few Mozilla developers who know Mozilla's
and NSS's build systems very well.  You can find them in
bug 511743 (:bs, :luser, and cls).  They are the best people
to consult about this bug.

The fix of this bug will require changes to some NSS
makefiles and then pass your linker flags to NSS in
mozilla/security/manager/Makefile.in, similar to how you
pass your compiler flags to NSS:

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/Makefile.in&rev=1.84&mark=217-220#217
I went and looked for places where LDFLAGS is used in existing NSS makefiles
and found 29 matching lines in 12 files.  See

http://mxr.mozilla.org/security/search?string=LDFLAGS&case=on&find=%2Fsecurity%2F%5Bnc%5D&findi=&filter=%5CbLDFLAGS&hitlimit=&tree=security

It appears to me that LDFLAGS is used to hold the linker flags for linking
executable programs, but not the linker flags for shared libraries.
I hope some one is still looking at instrumenting NSS. Should I continue finding non insecure ways to instrument the NSS still ?
You need to log in before you can comment on or make changes to this bug.