Este site irá ter funcionalidade limitada enquanto fazemos manutenção para melhorar a sua experiência. Se um artigo não resolve o seu problema e quiser colocar uma questão, temos a nossa comunidade de apoio à espera de o ajudar em @FirefoxSupport no Twitter, /r/firefox no Reddit.

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

Request to host Firefox linux binaries that are compiled with the PIC/PIE flag

  • 1 resposta
  • 0 têm este problema
  • Última resposta por LimuxSpring

more options

Many of Linux Distributions take firefox binaries from https://packages.mozilla.org/apt/ as given in the Mozilla Knowlege Base Article Install Firefox on Linux. In this article there is a option to Install Firefox .deb package for Debian-based distributions.

However the binaries and libraries that are hosted in Firefox repositories are not compiled with the PIE/PIC flag. That prevents Firefox browser from using ASLR capabilities and to a large degree prevent Buffer overflows attacks. Please refer to the output given below for more details.

$ file -e elf /opt/firefox/firefox /opt/firefox/firefox: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) $ $ readelf -h /opt/firefox/firefox ELF Header:

 Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
 Class:                             ELF64
 Data:                              2's complement, little endian
 Version:                           1 (current)
 OS/ABI:                            UNIX - System V
 ABI Version:                       0
 Type:                              EXEC (Executable file)
 Machine:                           Advanced Micro Devices X86-64
 Version:                           0x1

The output of the first command is ELF 64-bit LSB executable, which indicates that it is not a PIE executable. If it had been a PIE executable then it would have been ELF 64-bit LSB pie executable. Similarly the output of the second command has a Key, Type, whose value is EXEC (Executable file). However for a PIE binary the value would be DYN (Position-Independent Executable file).

Can Mozilla please compile the binaries and shared libraries with the PIE/PIC flag and then host them in its repositories? Many of Linux Distros do not have the bandwidth to take the source and compile binaries for different architects and are dependent on Mozilla to provide the same. Doing so would be appreciated and would help in enhancing safety of Linux users who use Firefox as their primary browser.


PIE = Position Independent Executable PIC = Position Independent Code ASLR = Address Space Layout Randomisation. PIC and PIE are used interchangeably and imply the same thing.

Many of Linux Distributions take firefox binaries from https://packages.mozilla.org/apt/ as given in the Mozilla Knowlege Base Article [http://mzl.la/1xKrIV5 Install Firefox on Linux]. In this article there is a option to [https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions-recommended Install Firefox .deb package for Debian-based distributions]. However the binaries and libraries that are hosted in Firefox repositories are not compiled with the PIE/PIC flag. That prevents Firefox browser from using ASLR capabilities and to a large degree prevent Buffer overflows attacks. Please refer to the output given below for more details. ''$ file -e elf /opt/firefox/firefox /opt/firefox/firefox: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) $ $ readelf -h /opt/firefox/firefox ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Advanced Micro Devices X86-64 Version: 0x1'' The output of the first command is '''ELF 64-bit LSB executable''', which indicates that it is not a PIE executable. If it had been a PIE executable then it would have been '''ELF 64-bit LSB pie executable'''. Similarly the output of the second command has a Key, Type, whose value is '''EXEC (Executable file)'''. However for a PIE binary the value would be '''DYN (Position-Independent Executable file)'''. Can Mozilla please compile the binaries and shared libraries with the PIE/PIC flag and then host them in its repositories? Many of Linux Distros do not have the bandwidth to take the source and compile binaries for different architects and are dependent on Mozilla to provide the same. Doing so would be appreciated and would help in enhancing safety of Linux users who use Firefox as their primary browser. PIE = Position Independent Executable PIC = Position Independent Code ASLR = Address Space Layout Randomisation. PIC and PIE are used interchangeably and imply the same thing.

Modificado por LimuxSpring a

Todas as respostas (1)

more options

Information from about:buildconfig of the browser. As can be seen the browser executable have been built with -fPIC flag but not -fPIE

Source = Built from https://hg.mozilla.org/releases/mozilla-release/rev/2f6d80ae5a069caeed2c79987422bfae1d8facc3

Build platform target = x86_64-pc-linux-gnu

Build tools Compiler = /builds/worker/fetches/clang/bin/clang --sysroot /builds/worker/fetches/sysroot-x86_64-linux-gnu -std=gnu99 Version = 18.1.7 Compiler flags = -pthread -ffunction-sections -fdata-sections -fno-math-errno -fPIC -fcrash-diagnostics-dir=/builds/worker/artifacts

Compiler = /builds/worker/fetches/clang/bin/clang++ --sysroot /builds/worker/fetches/sysroot-x86_64-linux-gnu Version = 18.1.7 Compiler flags = -D_GLIBCXX_USE_CXX11_ABI=0 -fno-rtti -pthread -fno-sized-deallocation -fno-aligned-new -ffunction-sections -fdata-sections -fno-math-errno -fno-exceptions -fPIC -fcrash-diagnostics-dir=/builds/worker/artifacts -gdwarf-4 -O3 -fomit-frame-pointer -funwind-tables

Compiler = /builds/worker/fetches/rustc/bin/rustc Version = 1.79.0 Compiler flags =


Configure options MOZ_AUTOMATION=1 MOZILLA_OFFICIAL=1 --enable-update-channel=release MOZBUILD_STATE_PATH=/builds/worker/.mozbuild MOZ_FETCHES_DIR=/builds/worker/fetches 'CFLAGS= -fcrash-diagnostics-dir=/builds/worker/artifacts' 'CXXFLAGS= -fcrash-diagnostics-dir=/builds/worker/artifacts' MOZ_STDCXX_COMPAT=1 ENABLE_CLANG_PLUGIN=1 --enable-profile-use=cross --with-pgo-profile-path=/builds/worker/fetches/merged.profdata --with-pgo-jarlog=/builds/worker/fetches/en-US.log MOZ_LTO=cross MOZ_NO_PIE_COMPAT=1 MOZ_SOURCE_REPO=https://hg.mozilla.org/releases/mozilla-release MOZ_SOURCE_CHANGESET=2f6d80ae5a069caeed2c79987422bfae1d8facc3 --enable-js-shell --enable-rust-simd --enable-default-toolkit=cairo-gtk3-x11-wayland --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key --with-google-location-service-api-keyfile=/builds/gls-gapi.data --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data MOZ_SIMPLE_PACKAGE_NAME=target MOZ_PACKAGE_JSSHELL=1 --enable-official-branding

Útil?

Colocar questão

Deve iniciar a sessão com a sua conta para responder às mensagens. Por favor, comece uma nova pergunta, se ainda não tiver uma conta.