Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-------------------------------------------------+-------------------------
Reporter: boklm | Owner: tbb-team
Type: defect | Status: reopened
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, tbb-hardened, TorBrowserTeam201705R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by boklm):
* status: closed => reopened
* resolution: fixed =>
Comment:
Replying to [comment:2 gk]:
> Do you know what changed to make this necessary now? We did not change
> the compiler version and we still have `export DEB_BUILD_HARDENING_PIE=1`.
Good question. After looking at what changed, I suspect this might be
caused by this commit:
https://hg.mozilla.org/mozilla-central/rev/f8cf0fe7c810
Before this commit, I think we were using `c++` as the compiler, and after
this commit `g++` is being used.
In `gitian/descriptors/linux/gitian-firefox.yml` we are doing:
{{{
mv gcc gcc.real
mv c++ c++.real
ln -sf hardened-cc gcc
ln -sf hardened-cc c++
}}}
So we are using the hardened wrapper if the `c++` command is used, but not
if the `g++` command is used.
So maybe a better fix would be to add a `g++ -> hardened-cc` symlink in
`gitian/descriptors/linux/gitian-firefox.yml`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22238#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs