[tbb-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 12 15:15:07 UTC 2017
#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-------------------------------------------------+-------------------------
 Reporter:  boklm                                 |  Owner:  tbb-team
 Type:  defect                                    |  Status:  reopened
 Priority:  Medium                                |  Milestone:
 Component:  Applications/Tor Browser             |  Version:
 Severity:  Normal                                |  Resolution:
 Keywords:  tbb-security, tbb-hardened,           |  Actual Points:
   TorBrowserTeam201705R                          |
 Parent ID:                                       |  Points:
 Reviewer:                                        |  Sponsor:
-------------------------------------------------+-------------------------
Changes (by boklm):
* status: closed => reopened
* resolution: fixed =>
Comment:
Replying to [comment:2 gk]:
> Do you know what changed to make this necessary now? We did not change
> the compiler version and we still have `export DEB_BUILD_HARDENING_PIE=1`.
Good question. After looking at what changed, I suspect this might be
caused by this commit:
https://hg.mozilla.org/mozilla-central/rev/f8cf0fe7c810
Before this commit, I think we were using `c++` as the compiler, and after
this commit `g++` is being used.
In `gitian/descriptors/linux/gitian-firefox.yml` we are doing:
{{{
mv gcc gcc.real
mv c++ c++.real
ln -sf hardened-cc gcc
ln -sf hardened-cc c++
}}}
So we are using the hardened wrapper if the `c++` command is used, but not
if the `g++` command is used.
So maybe a better fix would be to add a `g++ -> hardened-cc` symlink in
`gitian/descriptors/linux/gitian-firefox.yml`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22238#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
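
The wrapper coverage gap described in the comment above, as an added example that is not part of the original message or of the Tor Browser build scripts: a shell check that lists compiler driver names which exist in a toolchain directory but are not symlinked to the hardening wrapper. The temporary directory layout is constructed, and the function names, the list of names checked and the `g++.real` rename are assumptions.

```shell
#!/bin/sh
# Added example (not from the ticket or the Tor Browser build scripts).
# Prints the compiler driver names in BINDIR that exist but are not direct
# symlinks to WRAPPER, i.e. names a build could invoke without hardening flags.
# Usage: unwrapped_drivers BINDIR WRAPPER NAME...
unwrapped_drivers() {
    bindir=$1
    wrapper=$2
    shift 2
    found=""
    for name in "$@"; do
        path="$bindir/$name"
        # Skip names this toolchain does not ship at all.
        [ -e "$path" ] || [ -L "$path" ] || continue
        # A direct symlink whose target is the wrapper counts as covered.
        if [ -L "$path" ] && [ "$(basename "$(readlink "$path")")" = "$wrapper" ]; then
            continue
        fi
        found="$found${found:+ }$name"
    done
    printf '%s\n' "$found"
}

# Constructed layout: empty stand-in files, then the four commands quoted
# in the ticket from gitian-firefox.yml.
make_ticket_layout() {
    dir=$1
    ( cd "$dir" &&
      : > gcc && : > g++ && : > c++ && : > hardened-cc &&
      mv gcc gcc.real &&
      mv c++ c++.real &&
      ln -sf hardened-cc gcc &&
      ln -sf hardened-cc c++ )
}

demo_dir=$(mktemp -d)
make_ticket_layout "$demo_dir"
echo "unwrapped before: $(unwrapped_drivers "$demo_dir" hardened-cc gcc c++ g++)"
# The symlink proposed in the ticket; keeping the original as g++.real is an assumption.
( cd "$demo_dir" && mv g++ g++.real && ln -sf hardened-cc g++ )
echo "unwrapped after:  $(unwrapped_drivers "$demo_dir" hardened-cc gcc c++ g++)"
rm -rf "$demo_dir"
```

Run as a build step before compilation, a non-empty result indicates a driver name that bypasses the wrapper; it does not replace checking the ELF type of the resulting binary.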