Opened 3 years ago

Closed 3 years ago

#13352 closed defect (duplicate)

Firefox 31 nigthly build's main binary lacks PIE

Reported by: intrigeri Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: ff31-esr
Cc: anonym Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In the linux32 tarball from https://people.torproject.org/~gk/testbuilds/esr31-nightly/, I see:

$ hardening-check firefox 
firefox:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes

Note that according to hardening-check, the *.so files have PIE (which I find weird, I thought it didn't apply to shared libraries).

This seems to be a regression compared to tor-browser-linux32-3.6.6_en-US.tar.xz, where I see:

$ hardening-check firefox 
firefox:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by intrigeri

Resolution: duplicate
Status: newclosed

Duplicate of #13328, that got fixed.

Note: See TracTickets for help on using tickets.