Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#49361 - [firefox] Harden firefox by building with full read-only relocation
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Monday, 16 May 2016, 21:02 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 08 June 2016, 15:54 GMT
Details
Hi,
This is basically the same feature request as #49360, but this time for Firefox. Firefox is particularly exposed as a web browser, and some other distros have already enabled full RELRO, see for example Red Hat [1].
The attached patch enables full RELRO. Firefox does not build currently with or without this patch on my host, apparently because of a compatibility issue with gcc6 that I did not investigate long enough to fix.
Thanks!
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1218034
Closed by Doug Newgard (Scimmia)
Wednesday, 08 June 2016, 15:54 GMT
Reason for closing: Implemented
Additional comments about closing: firefox 47.0-1
Comment by Jan Alexander Steffens (heftig) - Wednesday, 18 May 2016, 04:29 GMT
I'd rather see -z now added to the common LDFLAGS in makepkg.conf.
Comment by Remi Gacogne (rgacogne) - Wednesday, 18 May 2016, 07:44 GMT
I fully agree and there is an ongoing effort to benchmark the impact it would have from a performance point of view, along with other hardening options. I'm afraid it's going to take some time before it gets added to common LDFLAGS though, and I think it would make sense to harden FF more quickly than the rest of our packages.
firefox-relro.patch