Closed Bug 708742 Opened 14 years ago Closed 13 years ago

Binary add ons should use all available OS protections such as ASLR, /GS, NX etc.

Categories

(addons.mozilla.org Graveyard :: Add-on Validation, defect, P2)

Product:
addons.mozilla.org Graveyard
Component:
Add-on Validation
Platform:
x86
Windows Vista
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
Q1 2012

People

(Reporter: imelven, Unassigned)

Details

(Keywords: sec-want, Whiteboard: [sg:want P3][ReviewTeam])

I'm not sure if binary add-ons are run through the validator currently - either way it would be great if we could run at least the Windows binary addons through binscope as is done for building Firefox.exe and plugin-container.exe via the work in bug 642243. This came up in a recent report that cites that plugins (and binary addons) can weaken the address space layout randomization that Firefox itself has. This was discussed in another bug that I can't find where I also pointed to the work in 642243 - please dupe this bug to that one if appropriate !
Priority: -- → P2
Whiteboard: [required amo-editors]
Target Milestone: --- → Q1 2012
Whiteboard: [required amo-editors] → [required amo-editors][sg:want P3]
Can someone explain what needs to happen for this bug? Off the top of my head: - is this bug for windows platforms only? - is running an executable called 'binscope' the entirety of this bug? - where is binscope available? Is it a CLI program? What is its inputs/outputs? - what do you expect to happen depending on the outputs?
(In reply to Wil Clouser [:clouserw] from comment #1) > Can someone explain what needs to happen for this bug? Off the top of my > head: > > - is this bug for windows platforms only? to a large extent yes - Windows is where most of our users are and also has the most OS level/compile time protections as far as i'm aware > - is running an executable called 'binscope' the entirety of this bug? it's a big part of it - it would be nice to know if popular binary addons built for Windows are using these flags but in the long term it would be good to automatically verify this, if possible > - where is binscope available? Is it a CLI program? What is its > inputs/outputs? yes, it can be run as a command line program. please take a look at the script in bug 642243 which runs it as part of make check for Firefox/plugin-container Windows builds and handles the inputs and outputs of the tools. the installer for binscope is at http://www.microsoft.com/download/en/details.aspx?id=11910 > - what do you expect to happen depending on the outputs? binary addons built for Windows should have all the same protections enabled as Firefox does, so using them doesn't weaken the security guarantees around using Firefox. if binary addons are found that don't use them, this seems like it should result in a bug being filed against that addon.
This is blocked by bug 677797, I believe.
(In reply to Stefan Baebler from comment #3) > This is blocked by bug 677797, I believe. it shouldn't be - bug 677797 is about forcing a relocation of things that get loaded into Firefox (including binary addons) so that even DLL's that aren't built with ASLR support will get relocated. This bug (IMO) is about using the add on validator to try and ensure that binary addons are built with /ASLR, /GS and all the other protections along those lines.
Whiteboard: [required amo-editors][sg:want P3] → [sg:want P3][ReviewTeam]
I'm going to say that this is WONTFIX because the validator currently a.) does not run on Windows and b.) there is no version of binscope for *nix. Unless there are plans to deploy Windows boxes to production (and get Windows licenses to test with), I don't see this happening. Please reopen this bug if it someday becomes possible to binscope from *nix in a clean way.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.