Closed Bug 729617 Opened 13 years ago Closed 12 years ago

Compile with ASLR on ICS and above

Categories

(Firefox for Android Graveyard :: General, defect, P2)

All
Android
defect

Tracking

(firefox19 wontfix, firefox20 fixed, firefox21 fixed, fennec21+)

RESOLVED FIXED
Firefox 20

People

(Reporter: johnath, Assigned: cpeterson)

Attachments

(1 file)

ICS has ASLR support!

http://blog.duosecurity.com/2012/02/a-look-at-aslr-in-android-ice-cream-sandwich-4-0/

It's a nearly free security win, and while Android's initial implementation clearly leaves a lot to be desired, 4.0.3 looks better, and I can't think of any reasons not to do so unless our toolchain makes it painful for some reason.
tracking-fennec: --- → +
Priority: -- → P2
The compilation changes are easy, but we will need to test for compatibility problems with older Android platforms and possible performance regressions.

https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/

The interesting compiler options are:
* ProPolice to prevent stack buffer overruns (-fstack-protector)
* Format string vulnerability protections (-Wformat=2 -Werror=format-security)
* -fpie to generate Position Independent Executable code

The interesting linker options are:
* -fpie to link Position Independent Executable code
* Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)
Keywords: sec-want
Security team is interested in getting movement on this. Re-nom to discuss.
tracking-fennec: + → ?
Chris - Can you take a look?
tracking-fennec: ? → 21+
Assignee: nobody → cpeterson
Status: NEW → ASSIGNED
Attached patch ASLR-LDFLAGS.patch (deleted) — Splinter Review
The ASLR linker flags (-Wl,-z,relro -Wl,-z,now) are enabled by default in Android NDK r8+, so these options are implicitly enabled on the Nightly 21 and Aurora 20 channels. \o/

If we ever want to build Firefox with ASLR using an older NDK, I've attached a patch for our Android build scripts.

To verify whether a .so was compiled with ASLR, you can use objdump and readelf:

$ arm-linux-androideabi-objdump -x libxul.so | grep RELRO
   RELRO off 0x01215990 vaddr 0x01216990 paddr 0x01216990 align 2**3

$ arm-linux-androideabi-readelf -d libxul.so | grep BIND
 0x0000001e (FLAGS) SYMBOLIC BIND_NOW
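Added example (not part of the comment above or of Mozilla's build scripts): the same two properties the objdump and readelf commands report, RELRO and immediate binding, read directly from the ELF headers so the check can run in CI without the NDK toolchain. It assumes a little-endian ELF32 file, as 32-bit ARM Android libraries are; check_hardening and build_sample are hypothetical names, and the sample image is constructed, not a real library.

```python
import struct
import sys

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_SYMBOLIC, DF_BIND_NOW, DF_1_NOW = 0x2, 0x8, 0x1

def check_hardening(data):
    """Report RELRO and immediate binding for a little-endian ELF32 image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    (e_phoff,) = struct.unpack_from("<I", data, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    relro = bind_now = False
    for i in range(e_phnum):
        p_type, p_offset, _, _, p_filesz = struct.unpack_from(
            "<5I", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:      # the segment `objdump -x | grep RELRO` shows
            relro = True
        elif p_type == PT_DYNAMIC:      # the entries `readelf -d` dumps
            for off in range(p_offset, p_offset + p_filesz, 8):
                tag, val = struct.unpack_from("<II", data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW
                        or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    return {"relro": relro, "bind_now": bind_now}

def build_sample(relro, dt_flags):
    """Constructed minimal ELF32 image (not a real library) for the demo."""
    dyn = struct.pack("<4I", DT_FLAGS, dt_flags, DT_NULL, 0)
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 40, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    def phdr(p_type, offset, size):
        return struct.pack("<8I", p_type, offset, 0, 0, size, size, 4, 4)
    return (ehdr + phdr(PT_DYNAMIC, 116, len(dyn))
            + phdr(PT_GNU_RELRO if relro else 0, 0, 0) + dyn)

if __name__ == "__main__":
    if len(sys.argv) > 1:               # check a real file given on the command line
        with open(sys.argv[1], "rb") as f:
            print(check_hardening(f.read()))
    else:                               # otherwise run on the constructed samples
        print(check_hardening(build_sample(True, DF_SYMBOLIC | DF_BIND_NOW)))
        print(check_hardening(build_sample(False, DF_SYMBOLIC)))
```

A library linked without -Wl,-z,relro -Wl,-z,now reports both values as False, which is the case a build gate would reject.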
Fixed by bug 816993 :D
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Depends on: 816993
Keywords: sec-want
Resolution: --- → FIXED
Target Milestone: --- → Firefox 20
Product: Firefox for Android → Firefox for Android Graveyard