#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-------------------------------------------------+-------------------------
 Reporter:  boklm                                |          Owner:  tbb-team
     Type:  defect                               |         Status:  reopened
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-hardened,          |  Actual Points:
  TorBrowserTeam201705R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by boklm):

 * status:  closed => reopened
 * resolution:  fixed =>

Comment:

 Replying to [comment:2 gk]:
 > Do you know what changed to make this necessary now? We did not change
 > the compiler version and we still have `export DEB_BUILD_HARDENING_PIE=1`.

 Good question. After looking at what changed, I suspect this might be
 caused by this commit:
 https://hg.mozilla.org/mozilla-central/rev/f8cf0fe7c810

 Before this commit, I think we were using `c++` as the compiler, and after
 this commit `g++` is being used.

 In `gitian/descriptors/linux/gitian-firefox.yml` we are doing:
 {{{
 mv gcc gcc.real
 mv c++ c++.real
 ln -sf hardened-cc gcc
 ln -sf hardened-cc c++
 }}}

 So we are using the hardened wrapper if the `c++` command is used, but not
 if the `g++` command is used.

 So maybe a better fix would be to add a `g++ -> hardened-cc` symlink in
 `gitian/descriptors/linux/gitian-firefox.yml`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22238#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
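
The gap described in the comment above (a wrapper symlinked for `gcc` and `c++` but not for `g++`) can be caught with a check like the following. This is an added example, not code from the ticket or from the Tor Browser build; `unwrapped_drivers` and `demo_toolchain` are hypothetical helper names, and the scratch directory is a constructed stand-in for the real toolchain directory.

```shell
#!/usr/bin/env bash
# Added example (not from the ticket): list the compiler driver names in a
# toolchain directory that do NOT resolve to the hardening wrapper.
# unwrapped_drivers and demo_toolchain are hypothetical helper names.

# unwrapped_drivers DIR WRAPPER NAME...
unwrapped_drivers() {
    local dir=$1 wrapper=$2 name
    shift 2
    if [ ! -e "$dir/$wrapper" ]; then
        echo "wrapper $dir/$wrapper not found" >&2
        return 2
    fi
    for name in "$@"; do
        # Skip names that are not present in this directory.
        [ -e "$dir/$name" ] || continue
        # -ef is true when both paths resolve to the same file, so it follows
        # symlinks such as gcc -> hardened-cc.
        if ! [ "$dir/$name" -ef "$dir/$wrapper" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample: empty stand-in files in a scratch directory, arranged
# with the same mv/ln steps the ticket quotes from the descriptor.
demo_toolchain() {
    local d
    d=$(mktemp -d)
    (
        cd "$d" || exit 1
        touch gcc c++ g++ hardened-cc
        mv gcc gcc.real
        mv c++ c++.real
        ln -sf hardened-cc gcc
        ln -sf hardened-cc c++
    )
    printf '%s\n' "$d"
}

scratch=$(demo_toolchain)
unwrapped_drivers "$scratch" hardened-cc cc gcc c++ g++   # prints: g++
rm -rf "$scratch"
```

Run as a build step, any output from `unwrapped_drivers` means a compiler name the build system might pick bypasses the hardening flags.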