Compiling browser

Peter Smith peter.smith3882100 at gmail.com
Fri Mar 25 15:08:28 UTC 2011


This is probably the I want to compile Firefox 3.6 on Debian Squeeze
and place everything in the /opt directory. I want the compiled
browser to have some security modifications. The first thing I have
added to mozconfig is the following three lines:

export CFLAGS="-D_FORTIFY_SOURCE=2 -fstack-protector-all"
export CXXFLAGS="${CFLAGS}"
export CPPFLAGS="${CFLAGS}"

This makes hardening-check on firefox-bin output the following:

Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!

I don't know what flags should be passed to gcc for activating
"Position Independent Executable", "Read-only relocations" and
"Immediate binding", or if it is a good idea at all. Is it enough to
activate the options I have to make the browser more secure?

I have to choose between using the system libraries for nspr, nss,
jpeg, zlib, bz2 and png like this:

ac_add_options --with-system-nspr
ac_add_options --with-system-nss
ac_add_options --with-system-jpeg
ac_add_options --with-system-zlib
ac_add_options --with-system-bz2
ac_add_options --with-system-png

or using the code shipped with Firefox for the same functionality. So
far I have not been able to build Firefox without using system nspr
and nss; the Mozilla version of these will not compile on Debian. What
is most secure, using the system libraries or the Mozilla libraries?



More information about the pkg-mozilla-maintainers mailing list