Firefox has changed completely since this report, so closing.

** Changed in: firefox (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1671519

Title:
  Please show hardening flags in about:buildconfig

Status in firefox package in Ubuntu:
  Invalid

Bug description:
  Hi,

  the firefox package provided by Ubuntu seems to be built with
  hardening flags, for instance:

  $ hardening-check /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox:
   Position Independent Executable: yes
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: yes

  $ hardening-check /usr/lib/firefox/libxul.so
  /usr/lib/firefox/libxul.so:
   Position Independent Executable: no, regular shared library (ignored)
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: no, not found!

  but the compilation options (-fstack-protector-strong and
  -D_FORTIFY_SOURCE=2) do not show up in about:buildconfig.

  Here is what I have in about:buildconfig:

  about:buildconfig
  Source
  Built from https://hg.mozilla.org/releases/mozilla-release/rev/44d6a57ab554308585a67a13035d31b264be781e
  Build platform
  target
  x86_64-pc-linux-gnu
  Build tools
  Compiler        Version         Compiler flags
  /usr/bin/gcc -std=gnu99         6.2.0   -Wall -Wempty-body
      -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits
      -Wunreachable-code -Wno-error=maybe-uninitialized
      -Wno-error=deprecated-declarations -Wno-error=array-bounds -fno-lifetime-dse
      -fno-strict-aliasing -ffunction-sections -fdata-sections -fno-math-errno
      -pthread -pipe
  /usr/bin/g++ -std=gnu++11       6.2.0   -Wall -Wc++11-compat -Wempty-body
      -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare
      -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof
      -Wc++14-compat -Wno-error=maybe-uninitialized
      -Wno-error=deprecated-declarations -Wno-error=array-bounds -fno-lifetime-dse
      -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections
      -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g
      -freorder-blocks -Os -fomit-frame-pointer

  When I look at the same page in the firefox build in Debian stretch,
  here is what I see:

  about:buildconfig
  Build platform
  target
  x86_64-pc-linux-gnu
  Build tools
  Compiler        Version         Compiler flags
  gcc     6.3.0   -Wall -Wempty-body -Wpointer-to-int-cast -Wsign-compare
      -Wtype-limits -Wno-unused -Wcast-align -fstack-protector-strong -Wformat
      -Werror=format-security -fno-schedule-insns2 -fno-lifetime-dse
      -fno-delete-null-pointer-checks -std=gnu99 -fgnu89-inline -fno-strict-aliasing
      -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe
  g++     6.3.0   -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wempty-body
      -Woverloaded-virtual -Wsign-compare -Wwrite-strings -Wno-invalid-offsetof
      -Wcast-align -fstack-protector-strong -Wformat -Werror=format-security
      -fno-schedule-insns2 -fno-lifetime-dse -fno-delete-null-pointer-checks
      -fno-exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections
      -fdata-sections -fno-exceptions -fno-math-errno -std=gnu++0x -pthread -pipe
      -DNDEBUG -DTRIMMED -g -freorder-blocks -Os -fomit-frame-pointer

  The -D_FORTIFY_SOURCE=2 and -fstack-protector-strong do show up, which
  IMHO is a good thing from the point of view of someone who would like
  to check the hardening of firefox builds.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: firefox 52.0+build2-0ubuntu0.16.10.1
  Uname: Linux 4.10.1-041001-generic x86_64
  Architecture: amd64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1671519/+subscriptions
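
Added example (not part of the original report, and not Launchpad or Mozilla code): a check that derives the hardening state a recorded about:buildconfig flag string actually requests, then lists protections that hardening-check found in the binary but the recorded flags do not explain. The flag strings are abridged from the two g++ cells quoted in the report; the function names are hypothetical, and the Ubuntu hardening-check result is applied to both strings for comparison.

```python
import re
import shlex

# Constructed inputs: the g++ "Compiler flags" cells from the two
# about:buildconfig pages quoted in the report, abridged.
UBUNTU_GXX = "-Wall -Wempty-body -fno-strict-aliasing -pthread -pipe -g -Os"
DEBIAN_GXX = ("-Wdate-time -D_FORTIFY_SOURCE=2 -Wall -fstack-protector-strong "
              "-Wformat -Werror=format-security -pthread -pipe -DNDEBUG -g -Os")
# What hardening-check reported for /usr/lib/firefox/firefox in the report.
BINARY_REPORT = {"stack_protector": True, "fortify_source": True}

STACK_LEVELS = {"-fno-stack-protector": None, "-fstack-protector": "basic",
                "-fstack-protector-strong": "strong",
                "-fstack-protector-all": "all",
                "-fstack-protector-explicit": "explicit"}


def effective_hardening(flag_string):
    """Hardening state requested by a GCC flag string (last flag wins)."""
    stack, fortify, optimized = None, 0, False
    for flag in shlex.split(flag_string):
        if flag in STACK_LEVELS:
            stack = STACK_LEVELS[flag]
        elif m := re.fullmatch(r"-D_FORTIFY_SOURCE(?:=(\d+))?", flag):
            fortify = int(m.group(1) or 1)  # bare -DNAME defines NAME as 1
        elif flag == "-U_FORTIFY_SOURCE":
            fortify = 0
        elif re.fullmatch(r"-O(\d+|s|g|z|fast)?", flag):
            optimized = flag != "-O0"
    # glibc only applies _FORTIFY_SOURCE when optimization is enabled.
    return {"stack_protector": stack,
            "fortify_source": fortify if optimized else 0}


def unexplained_by_flags(binary_report, flag_string):
    """Protections found in the binary that the recorded flags do not show."""
    recorded = effective_hardening(flag_string)
    return sorted(name for name, present in binary_report.items()
                  if present and not recorded[name])


if __name__ == "__main__":
    for label, flags in (("Ubuntu", UBUNTU_GXX), ("Debian", DEBIAN_GXX)):
        print(label, effective_hardening(flags),
              unexplained_by_flags(BINARY_REPORT, flags))
```

A non-empty result for a build means its recorded flags cannot be used on their own to audit hardening; the binary has to be inspected, as the report does with hardening-check.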

