Closed Bug 725941 Opened 10 years ago Closed 3 years ago

Allow to enable a set of hardening flags

Categories

(NSPR :: NSPR, defect)

All
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: glandium, Unassigned)

References

(Blocks 2 open bugs)

Details

Attachments

(1 obsolete file)

Attachment #595989 - Flags: review?(wtc)
Is there any progress on this?
Many distributions have hardening flags enabled by default for all packages or just for firefox, e.g. https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/firefox&id=16277db3aa6776d34ce691bd2cc87b76dbfc6336#n94

This is the arch firefox:
$ hardening-check /usr/bin/firefox
/usr/bin/firefox:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

This is firefox-nightly from Mozilla:
$ hardening-check /usr/bin/firefox-nightly 
/usr/bin/firefox-nightly:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: no, not found!
 Immediate binding: no, not found!
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.