[tor-bugs] #20439 [Applications/Tor Browser]: The firefox binary in Tor Browser on OSX is not PIE
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Oct 23 23:42:20 UTC 2016
#20439: The firefox binary in Tor Browser on OSX is not PIE
--------------------------------------+--------------------------
Reporter: boklm | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by boklm):
I attached a first version of a patch to fix that. After building with
this patch, the firefox binary is reported as PIE by `otool -hv`.
Before adding wrappers for `clang` and `clang++` adding the `-fPIE`
option, I first tried to add it to the `CFLAGS` variable in `.mozconfig-
mac`, but this makes the build fail with this error:
{{{
libtool: compile: /home/debian/build/tor-browser/clang/bin/clang -target
x86_64-apple-darwin10 -mlinker-version=136 -B /home/debian/build/tor-
browser/cctools/bin -isysroot /home/debian/build/tor-
browser/MacOSX10.7.sdk -DHAVE_CONFIG_H -I. -I/home/debian/build/tor-
browser/js/src/ctypes/libffi -I. -I/home/debian/build/tor-
browser/js/src/ctypes/libffi/include -Iinclude -I/home/debian/build/tor-
browser/js/src/ctypes/libffi/src -Qunused-arguments -Qunused-arguments
-Wall -Wempty-body -Wpointer-to-int-cast -Wsign-compare -Wtype-limits
-Wno-unused -std=gnu99 -fno-strict-aliasing -fno-math-errno -pthread
-DNO_X11 -pipe -fexceptions -MT src/x86/ffi.lo -MD -MP -MF
src/x86/.deps/ffi.Tpo -c /home/debian/build/tor-
browser/js/src/ctypes/libffi/src/x86/ffi.c -fno-common -DPIC -o
src/x86/ffi.o
depbase=`echo src/x86/darwin.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
/bin/bash ./libtool --mode=compile /home/debian/build/tor-
browser/clang/bin/clang -target x86_64-apple-darwin10 -mlinker-version=136
-B /home/debian/build/tor-browser/cctools/bin -isysroot /home/debian/build
/tor-browser/MacOSX10.7.sdk -fPIE -DHAVE_CONFIG_H -I. -I/home/debian/build
/tor-browser/js/src/ctypes/libffi -I. -I/home/debian/build/tor-
browser/js/src/ctypes/libffi/include -Iinclude -I/home/debian/build/tor-
browser/js/src/ctypes/libffi/src -Qunused-arguments -I.
-I/home/debian/build/tor-browser/js/src/ctypes/libffi/include -Iinclude
-I/home/debian/build/tor-browser/js/src/ctypes/libffi/src -Qunused-
arguments -Wall -Wempty-body -Wpointer-to-int-cast -Wsign-compare -Wtype-
limits -Wno-unused -std=gnu99 -fno-strict-aliasing -fno-math-errno
-pthread -DNO_X11 -pipe -MT src/x86/darwin.lo -MD -MP -MF $depbase.Tpo -c
-o src/x86/darwin.lo /home/debian/build/tor-
browser/js/src/ctypes/libffi/src/x86/darwin.S &&\
mv -f $depbase.Tpo $depbase.Plo
libtool: compile: unable to infer tagged configuration
libtool: compile: specify a tag with `--tag'
}}}
Maybe the wrappers should be created in `gitian-utils.yml` instead of
`gitian-firefox.yml`? Unless there is a better way to make `-fPIC` the
default.
The `mac-pie.patch` patch should also be a separate patch for `tor-
browser.git`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20439#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list