[tbb-commits] [tor-browser-bundle/master] Bug 13031: Adding full RELRO protection on Linux.

gk at torproject.org gk at torproject.org
Mon Sep 22 08:08:02 UTC 2014


commit 71f2ed613d2b2ce6fb40ef27f99fd140b1b86517
Author: Georg Koppen <gk at torproject.org>
Date:   Mon Sep 22 10:04:12 2014 +0000

    Bug 13031: Adding full RELRO protection on Linux.
    
    Thanks to a patch by a cypherpunk we now have full RELRO protection when
    using gold as our linker.
---
 gitian/descriptors/linux/gitian-firefox.yml |    9 +++++++++
 gitian/descriptors/linux/gitian-utils.yml   |    6 +-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 0cd4b28..509f63a 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -65,6 +65,15 @@ script: |
   export PATH=$INSTDIR/python/bin:$PATH
   #
   unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+  # Make sure gold is used with the hardening wrapper for full RELRO, see
+  # #13031.
+  cd $INSTDIR/binutils/bin
+  rm ld
+  cp /usr/bin/hardened-ld ./
+  mv ld.gold ld.gold.real
+  ln -sf hardened-ld ld.gold
+  ln -sf ld.gold ld
+  cd ~/build
   export PATH=$INSTDIR/binutils/bin:$PATH
   mkdir -p $INSTDIR/Browser/
   mkdir -p $INSTDIR/Debug/Browser/components
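Review bot: Nothing in the added `cd`/`rm`/`cp`/`mv`/`ln` sequence checks that the wrapper swap actually took effect, so the hardening can fail open. If `/usr/bin/hardened-ld` is missing from the build VM or the `cd` fails, `ld` and `ld.gold` can end up as dangling links, and the toolchain may then pick up another linker from `PATH` without full RELRO; whether the script aborts on error is not visible in this hunk. Guard the steps, for example `cd $INSTDIR/binutils/bin || exit 1` and `test -x /usr/bin/hardened-ld || exit 1` before the `rm ld`. After linking, confirm the result on a built library with `readelf -d` (expect `BIND_NOW`) and `readelf -l` (expect a `GNU_RELRO` segment); that check belongs later in the script, outside this hunk. The wrapper is also copied from the build VM rather than from a pinned input, so its package version should be recorded for reproducibility.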
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index ea122db..074076e 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -60,11 +60,7 @@ script: |
   ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold
   make $MAKEOPTS
   make install
-  # Make sure gold is used and not ld.
-  cd $INSTDIR/binutils/bin
-  rm ld
-  ln -sf ld.gold ld
-  cd ~/build
+  cd ..
 
   # Building Libevent
   cd libevent
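Review bot: With the gold symlink step removed here, the `ld` in `$INSTDIR/binutils/bin` is whatever `make install` leaves. The Libevent build that follows, and any other descriptor that unpacks this binutils output, therefore no longer gets gold unless it repeats the swap now done in gitian-firefox.yml. If full RELRO is meant to cover those components too, the wrapper setup would need to stay here or be shared; the other consumers are not visible in this diff. Separately, `cd ..` depends on the current directory being exactly one level below the build root, whereas the removed `cd ~/build` was absolute.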




