TIL @firefox doesn't ship PIE binaries 'cos of shit desktop env file managers that consider PIE non-executable.https://bugzilla.mozilla.org/show_bug.cgi?id=1076892 …
Imagine how much better SW would be forced to be if hardened Linux made access violations raise SIGKILL instead of SIGSEGV.
-
-
PaX does that for NX violations as part of PAGEEXEC (was originally software NX for i386), but not for other forms of SIGSEGV.
-
Firefox is the only application I've ever seen requiring exceptions from PAGEEXEC, and it has needed them for multiple reasons.
-
Presumably there's a switch to turn off all this cruft at build time? I can't imagine how
@alpinelinux's FF would work w/out. -
Distributions using PaX/grsecurity set PaX exceptions on executables to control the userspace hardening features.
-
I mean all their dynamic linking hacking is almost certainly specific to glibc's dynamic linker, not portable.
-
And of course also Bionic's, separately.
-
If you want to look down that rabbit hole: https://wiki.mozilla.org/Elfhack . Not sure how much is documented or what the details are.
-
Tend to find these after it starts crashing due to assumptions being broken by hardening, and then painfully working backwards.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.