Closed Bug 758355 Opened 8 years ago Closed 4 years ago

Address space randomization (PIE) is not enabled on OS X

Categories: Firefox Build System :: General, defect
Platform: All / macOS
Priority: not set; Severity: normal
Tracking: not tracked
Status: RESOLVED DUPLICATE of bug 1290675
People: Reporter: espindola, Unassigned
References: Blocks 1 open bug
Details: Keywords: sec-want

Running on 10.7. Both the 64-bit flags
-------------------------------
otool -hv ~/t/FirefoxNightly.app/Contents/MacOS/firefox
/Users/espindola/t/FirefoxNightly.app/Contents/MacOS/firefox:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    20       2552   NOUNDEFS DYLDLINK TWOLEVEL
------------------------------

and the 32-bit flags:

------------------------------
otool -arch i386 -hv ~/t/FirefoxNightly.app/Contents/MacOS/firefox
/Users/espindola/t/FirefoxNightly.app/Contents/MacOS/firefox:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC    I386        ALL  0x00     EXECUTE    20       2052   NOUNDEFS DYLDLINK TWOLEVEL MH_NO_HEAP_EXECUTION
-----------------------------

are missing PIE, which is set both in Chrome and Safari.
Note that PIE is less important in Firefox than it is in Chrome, because the Firefox binary is mostly a stub, and all the code actually running is in dynamically loaded libraries.
(In reply to Mike Hommey [:glandium] from comment #1)
> Note that PIE is less important in Firefox than it is in Chrome, because the
> Firefox binary is mostly a stub, and all the code actually running is in
> dynamically loaded libraries.

Note this is also true on Windows, but not on Linux, where the binary also contains e.g. memory allocation functions.
Keywords: sec-want
Group: core-security → core-security-release
Firefox 46 is still not PIE. Also, Firefox enables MH_NO_HEAP_EXECUTION for i386 but not x86_64. Chrome enables MH_NO_HEAP_EXECUTION for x86_64.

otool -hv /Applications/Firefox.app/Contents/MacOS/firefox
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    22       2752   NOUNDEFS DYLDLINK TWOLEVEL BINDS_TO_WEAK

otool -arch i386 -hv /Applications/Firefox.app/Contents/MacOS/firefox
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC    I386        ALL  0x00     EXECUTE    22       2164   NOUNDEFS DYLDLINK TWOLEVEL BINDS_TO_WEAK MH_NO_HEAP_EXECUTION

otool -hv /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome 
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    24       2376   NOUNDEFS DYLDLINK TWOLEVEL PIE MH_NO_HEAP_EXECUTION

otool -hv /Applications/Safari.app/Contents/MacOS/Safari
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    18       1320   NOUNDEFS DYLDLINK TWOLEVEL PIE
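Added example, not part of the bug thread or the Mozilla tree: a small Python reader that extracts the same header flags otool prints above (for every slice of a fat binary, so the i386 and x86_64 results can differ as they do for Firefox 46), which a build or release check can use to assert that PIE and MH_NO_HEAP_EXECUTION are set. The magic numbers and flag bits are the public mach-o/loader.h values; FIREFOX_LIKE and CHROME_LIKE are constructed byte strings mimicking the outputs above, not the real binaries.

```python
import struct

MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
MH_EXECUTE = 0x2
MH_PIE, MH_NO_HEAP_EXECUTION = 0x200000, 0x1000000   # bits in mach_header.flags
CPU_NAMES = {0x7: "i386", 0x01000007: "x86_64"}      # CPU_TYPE_X86, CPU_TYPE_X86_64

def _parse_thin(blob):
    """Parse one thin (little-endian, x86) Mach-O header: (arch, filetype, flags)."""
    magic, cputype, _sub, filetype, _ncmds, _size, flags = struct.unpack_from("<7I", blob, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a little-endian Mach-O header: 0x%08x" % magic)
    return CPU_NAMES.get(cputype, "cpu_0x%x" % cputype), filetype, flags

def slices(blob):
    """Yield (arch, filetype, flags) for each slice of a thin or fat Mach-O file."""
    (magic,) = struct.unpack_from(">I", blob, 0)
    if magic != FAT_MAGIC:            # thin file: a single header at offset 0
        yield _parse_thin(blob)
        return
    (nfat,) = struct.unpack_from(">I", blob, 4)
    for i in range(nfat):
        # fat_arch is big-endian: cputype, cpusubtype, offset, size, align
        _cpu, _sub, offset, size, _align = struct.unpack_from(">5I", blob, 8 + 20 * i)
        yield _parse_thin(blob[offset:offset + size])

def hardening_report(blob):
    """Map arch -> {'pie': bool, 'no_heap_execution': bool} for MH_EXECUTE slices."""
    report = {}
    for arch, filetype, flags in slices(blob):
        if filetype != MH_EXECUTE:    # only the main executable's flags matter here
            continue
        report[arch] = {"pie": bool(flags & MH_PIE),
                        "no_heap_execution": bool(flags & MH_NO_HEAP_EXECUTION)}
    return report

def _header(magic, cputype, flags):
    """Constructed minimal header (64-bit headers carry one extra 'reserved' word)."""
    fields = [magic, cputype, 3, MH_EXECUTE, 0, 0, flags]
    if magic == MH_MAGIC_64:
        fields.append(0)
    return struct.pack("<%dI" % len(fields), *fields)

# Constructed fat file mirroring the Firefox 46 output: x86_64 without PIE or
# MH_NO_HEAP_EXECUTION, i386 with MH_NO_HEAP_EXECUTION only (0x1|0x4|0x80|0x10000 =
# NOUNDEFS DYLDLINK TWOLEVEL BINDS_TO_WEAK). Slices start after the 48-byte fat header.
_s64 = _header(MH_MAGIC_64, 0x01000007, 0x1 | 0x4 | 0x80 | 0x10000)
_s32 = _header(MH_MAGIC, 0x7, 0x1 | 0x4 | 0x80 | 0x10000 | MH_NO_HEAP_EXECUTION)
FIREFOX_LIKE = (struct.pack(">2I", FAT_MAGIC, 2)
                + struct.pack(">5I", 0x01000007, 3, 48, len(_s64), 0)
                + struct.pack(">5I", 0x7, 3, 48 + len(_s64), len(_s32), 0) + _s64 + _s32)
# Constructed thin x86_64 file mirroring the Chrome output: PIE and no-heap-execution set.
CHROME_LIKE = _header(MH_MAGIC_64, 0x01000007, 0x1 | 0x4 | 0x80 | MH_PIE | MH_NO_HEAP_EXECUTION)
```

For a real binary, pass `open(path, "rb").read()` to `hardening_report`; a check that fails when any executable slice reports `pie` as False catches a regression like this bug before release.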
Hardware: x86 → All
Summary: Address space randomization is not enabled on OS X → Address space randomization (PIE) is not enabled on OS X
From https://dxr.mozilla.org/mozilla-central/source/build/autoconf/compiler-opts.m4#335-337:

# On OSX, the linker defaults to building PIE programs when targetting OSX 10.7+,
# but not when targetting OSX < 10.7. OSX < 10.7 doesn't support running PIE
# programs, so as long as support for OSX 10.6 is kept, we can't build PIE.
As for MH_NO_HEAP_EXECUTION:
https://dxr.mozilla.org/mozilla-central/source/configure.in#2031-2032:
  With newer linkers we need to pass -allow_heap_execute because of
  Microsoft Silverlight (5.1.10411.0 at least).
(In reply to Mike Hommey [:glandium] from comment #5)
> As for MH_NO_HEAP_EXECUTION:
> https://dxr.mozilla.org/mozilla-central/source/configure.in#2031-2032:
>   With newer linkers we need to pass -allow_heap_execute because of
>   Microsoft Silverlight (5.1.10411.0 at least).

This comes from bug 753248.
Also note comment 1 still applies.
We don't support 10.6 anymore (and I think we're also dropping Silverlight support in 53), so we could move forward on this now, right? Comment 1 notwithstanding, of course.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1290675
Product: Core → Firefox Build System
Group: core-security-release