Bug#653191: iceweasel: Please enable hardening options
Florent Daigniere
nextgens at freenetproject.org
Wed Oct 9 08:05:39 UTC 2013
Hi,
As of today, with current Sid on amd64:
$hardening-check /usr/bin/iceweasel
/usr/bin/iceweasel:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: no, not found!
Immediate binding: no, not found!
Is it possible to re-consider enabling the other hardening options?
Namely PIE, RELRO and BINDNOW
Virtually all the other distributions enable all hardening bells and
whistles as they consider web-browsers critical packages. IMHO
firefox had enough memory corruption bugs documented over the years
to warrant the performance cost of enabling these options.
Regards,
Florent
More information about the pkg-mozilla-maintainers
mailing list