Bug#820959: Iceweasel: missing RELRO
Heinrich Schuchardt
xypron.glpk at gmx.de
Thu Apr 14 04:43:56 UTC 2016
Package: iceweasel
Version: 38.7.1esr-1~deb8u1
Severity: normal
Tags: security
Iceweasel is compiled without RELRO protection against memory corruption
as can be shown by executing:
readelf -l /usr/bin/iceweasel | grep 'GNU_RELRO'
readelf -d /usr/bin/iceweasel | grep 'BIND_NOW'
Or run the script available at
http://www.trapkit.de/tools/checkrelro.sh
Please add
-Wl,-z,relro,-z,now
to CFLAGS in debian/rules.
cf.
https://wiki.debian.org/Hardening#line-307
Best regards
Heinrich Schuchardt
More information about the pkg-mozilla-maintainers
mailing list