Closed Bug 857628 Opened 7 years ago Closed 5 years ago

add support for building Firefox as PIE

Categories

(Firefox Build System :: General, defect)

19 Branch
x86_64
Linux
defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED
mozilla35

People

(Reporter: dhiru.kholia, Assigned: glandium)

References

Details

Attachments

(1 file, 2 obsolete files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
Build ID: 20130311191316

Steps to reproduce:

I tried to build Firefox as PIE on a Fedora 18 64-bit system.


Actual results:

According to Mike Hommey (glandium), to enable PIE in Firefox, build system needs to be hacked a bit *unless* there is special compiler / linker support.

So, this bug is a feature request for such a change to be implemented.



Expected results:

Well, it should have been easy to enable hardening flags :-).

Also see https://bugzilla.mozilla.org/show_bug.cgi?id=620058

and https://bugs.launchpad.net/ubuntu/+source/xulrunner-1.9.1/+bug/507744
Component: Untriaged → Build Config
This does the job but it breaks root analysis builds for some reason, as well as Linux32 mochitest-1 and mochitest-3 (apparently anything that involves plugin-container) The weird thing is that these mochitests turn ok if I set LD_DEBUG=all before running plugin-container.

See https://tbpl.mozilla.org/?tree=Try&rev=3e83dd0511d7
Assignee: nobody → mh+mozilla
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: mh+mozilla → nobody
See Also: → 620058
Turns out this doesn't break anymore, for whatever reason. Yay ASLR for executables.

https://tbpl.mozilla.org/?tree=Try&rev=c69fafed7e02
Attachment #8495136 - Flags: review?(mshal)
Attachment #736156 - Attachment is obsolete: true
Assignee: nobody → mh+mozilla
Status: NEW → ASSIGNED
Attachment #8495136 - Flags: review?(mshal) → review+
https://hg.mozilla.org/mozilla-central/rev/e2fee324047d
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 35
Depends on: 1073933
Depends on: 1076892
Reverted at glandium's request for causing bug 1076892:

remote:   https://hg.mozilla.org/integration/mozilla-inbound/rev/e36bdb0150b9
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Can't have nice things. Nautilus (the file manager) can't open PIE executables, which makes distributing PIE executable essentially impossible.
Keywords: clownshoes
Merge of backout:
https://hg.mozilla.org/mozilla-central/rev/e36bdb0150b9
Target Milestone: Firefox 35 → ---
Let's go with a first step adding the necessary build goop. We'll figure what to do to enable it by default in a followup.
Attachment #8501420 - Flags: review?(mshal)
Attachment #8495136 - Attachment is obsolete: true
Attachment #8501420 - Flags: review?(mshal) → review+
https://hg.mozilla.org/mozilla-central/rev/d38de091ced0
Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 35
No longer depends on: 1073933
Depends on: 1367267
Component: Build Config → General
Product: Firefox → Firefox Build System
Keywords: clownshoes
Target Milestone: Firefox 35 → mozilla35
You need to log in before you can comment on or make changes to this bug.