[tbb-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 12 15:15:07 UTC 2017

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
 Reporter:  boklm                                |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  reopened
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, tbb-hardened,          |  Actual Points:
  TorBrowserTeam201705R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
Changes (by boklm):

 * status:  closed => reopened
 * resolution:  fixed =>


 Replying to [comment:2 gk]:
 > Do you know what changed to make this necessary now? We did not change
 the compiler version and we still have `export DEB_BUILD_HARDENING_PIE=1`.

 Good question. After looking at what changed, I suspect this might be
 caused by this commit:

 Before this commit, I think we were using `c++` as the compiler, and after
 this commit `g++` is being used.

 In `gitian/descriptors/linux/gitian-firefox.yml` we are doing:
   mv gcc gcc.real
   mv c++ c++.real
   ln -sf hardened-cc gcc
   ln -sf hardened-cc c++

 So we are using the hardened wrapper if the `c++` command is used, but not
 if the `g++` command is used.

 So maybe a better fix would be to add a `g++ -> hardened-cc` symlink in

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22238#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list