I want to compile Firefox 3.6 on Debian Squeeze and place everything in the /opt directory. I want the compiled browser to have some security modifications. The first thing I have added to mozconfig is the following three lines:

    export CFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all"
    export CXXFLAGS="${CFLAGS}"
    export CPPFLAGS="${CFLAGS}"

This makes hardening-check on firefox-bin output the following:

    Position Independent Executable: no, normal executable!
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: no, not found!
    Immediate binding: no, not found!

I don't know what flags should be passed to gcc for activating "Position Independent Executable", "Read-only relocations" and "Immediate binding", or if it is a good idea at all. Is it enough to activate the options I have to make the browser more secure?

I have to choose between using the system libraries for nspr, nss, jpeg, zlib, bz2 and png like this:

    ac_add_options --with-system-nspr
    ac_add_options --with-system-nss
    ac_add_options --with-system-jpeg
    ac_add_options --with-system-zlib
    ac_add_options --with-system-bz2
    ac_add_options --with-system-png

or using the code shipped with Firefox for the same functionality. So far I have not been able to build Firefox without using system nspr and nss; the Mozilla version of these will not compile on Debian. What is most secure, using the system libraries or the Mozilla libraries?

I do not enable Flash, Java or JavaScript in the browser, but I am still thinking about configuring TOMOYO Linux for Firefox as an extra layer of security. Is there anyone with experience in TOMOYO who can tell me the pros and cons?