Bug#820959: Iceweasel: missing RELRO

Heinrich Schuchardt xypron.glpk at gmx.de
Thu Apr 14 04:43:56 UTC 2016


Package: iceweasel
Version: 38.7.1esr-1~deb8u1
Severity: normal
Tags: security

Iceweasel is compiled without RELRO protection against memory corruption
as can be shown by executing:

readelf -l /usr/bin/iceweasel | grep 'GNU_RELRO'
readelf -d /usr/bin/iceweasel | grep 'BIND_NOW'

Or run the script available at
http://www.trapkit.de/tools/checkrelro.sh

Please add

-Wl,-z,relro,-z,now

to CFLAGS in debian/rules.

cf.
https://wiki.debian.org/Hardening#line-307

Best regards

Heinrich Schuchardt



More information about the pkg-mozilla-maintainers mailing list