Allow to enable a set of hardening flags

RESOLVED INVALID

Status

defect
RESOLVED INVALID
7 years ago
7 months ago

People

(Reporter: glandium, Unassigned)

Tracking

(Blocks 2 bugs)

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 obsolete attachment)

(Reporter)

Comment 1

7 years ago
Attachment #595989 - Flags: review?(wtc)

Comment 2

3 years ago
Is there any progress on this?
Many distributions have hardening flags enabled by default for all packages or just for firefox, e.g. https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/firefox&id=16277db3aa6776d34ce691bd2cc87b76dbfc6336#n94

This is the arch firefox:
$ hardening-check /usr/bin/firefox
/usr/bin/firefox:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

This is firefox-nightly from Mozilla:
$ hardening-check /usr/bin/firefox-nightly 
/usr/bin/firefox-nightly:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!
No longer blocks: 1359915
Assignee: wtc → nobody
Attachment #595989 - Attachment is obsolete: true
Attachment #595989 - Flags: review?(wtc)

Updated

7 months ago
Status: NEW → RESOLVED
Last Resolved: 7 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.