Open Bug 512341 Opened 10 years ago Updated 5 years ago
Security Build logic does not allow instrumenting the current code
Check out the line # 341 in the link below. http://mxr.mozilla.org/mozilla-central/source/security/coreconf/rules.mk This does not uptake the LDFLAGS passed from the .mozconfig and so this whole security code in coreconf, nss etc., is not getting instrumented. We should change the line from $(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) to $(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
No, absolutely do not put LDFLAGS into the line with MKSHLIB in NSS.
May be I'm selfish and looking only at code coverage view. But I would be really I interested to know the reason for the NO in comment #1 I'm asking this question with pure technical interest and not questioning your judgement. Please indulge my curiosity. Rgds murali
Murali: there are a few Mozilla developers who know Mozilla's and NSS's build systems very well. You can find them in bug 511743 (:bs, :luser, and cls). They are the best people to consult about this bug. The fix of this bug will require changes to some NSS makefiles and then pass your linker flags to NSS in mozilla/security/manager/Makefile.in, similar to how you pass your compiler flags to NSS: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/Makefile.in&rev=1.84&mark=217-220#217
I went and looked for places where LDFLAGS is used in existing NSS makefiles and found 29 matching lines in 12 files. See http://mxr.mozilla.org/security/search?string=LDFLAGS&case=on&find=%2Fsecurity%2F%5Bnc%5D&findi=&filter=%5CbLDFLAGS&hitlimit=&tree=security It appears to me that LDFLAGS is used to hold the linker flags for linking executable programs, but not the linker flags for shared libraries.
I hope some one is still looking at instrumenting NSS. Should I continue finding non insecure ways to instrument the NSS still ?
You need to log in before you can comment on or make changes to this bug.