Revert "build: fix ASLR for bitcoin-cli on Windows" by hebasto · Pull Request #23360 · bitcoin/bitcoin

hebasto · 2021-10-26T10:42:16Z

I found it possible to revert #18702 for the following reasons:

guix bitcoin-cli.exe binary passes security-check.py
VMMap tool shows that ASLR is indeed working for bitcoin-cli.exe (rebooted between screenshots):

This reverts commit 315a4d3.

hebasto · 2021-10-26T10:42:49Z

hebasto · 2021-10-26T14:17:05Z

Guix builds:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
d375f9daea0a5dd6d045be33564cff99aa98abcb7bb6d850d57ff7328c12bae9  guix-build-1f16c8c450cf/output/aarch64-linux-gnu/SHA256SUMS.part
82d1adde08bdd95d4d607879c31e170dc038cebbf86dc0816a52146d755504c4  guix-build-1f16c8c450cf/output/aarch64-linux-gnu/bitcoin-1f16c8c450cf-aarch64-linux-gnu-debug.tar.gz
ca81a4db522b9d72e09f3442c3c0b282e3208dda06896d6116cbb62555b33e7e  guix-build-1f16c8c450cf/output/aarch64-linux-gnu/bitcoin-1f16c8c450cf-aarch64-linux-gnu.tar.gz
eaa4b3957a14a125528dfe46d132a1ec86a20079c49d17e5b966ec15f3bd4d80  guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/SHA256SUMS.part
cbdfb60d6807c2a1d090c23d4540db2902235f01d90868eab93ef20bfcd1f7c0  guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/bitcoin-1f16c8c450cf-arm-linux-gnueabihf-debug.tar.gz
ef00dd64911a9aa0c95dc139c76e0ffddc2b1aa0257b1ae337341fb791d9ee4e  guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/bitcoin-1f16c8c450cf-arm-linux-gnueabihf.tar.gz
08ca12ce07075ff60850b207903e00e98e4348355076a8dd763b885c05963957  guix-build-1f16c8c450cf/output/dist-archive/bitcoin-1f16c8c450cf.tar.gz
db361957e241eafabe56aaa91752ebd727ad7e34c212ff80269c1ffc8c90f4a2  guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/SHA256SUMS.part
15ebbb20ff7b07bf7cdb5658702617141b1ca92d77fb641339ba4e0c856bf959  guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/bitcoin-1f16c8c450cf-powerpc64-linux-gnu-debug.tar.gz
b17bf752615192657f8a1d3c95d905965f1257aff8ff5b552944f534931d5785  guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/bitcoin-1f16c8c450cf-powerpc64-linux-gnu.tar.gz
9d05e31fa7d8669e97ee278628e17e85b6ad52c505909271fd98cc329cd8d470  guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/SHA256SUMS.part
1e116725623d8102f2f7b8d7357888ca533ee7bb66419ab3962f3e5f674f872c  guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/bitcoin-1f16c8c450cf-powerpc64le-linux-gnu-debug.tar.gz
ae4f25345a00807a8405fccc921ff13045c5b7f76c369305b240f00d6e0c75b9  guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/bitcoin-1f16c8c450cf-powerpc64le-linux-gnu.tar.gz
19d00f1438324047dfbd51ece15b0fb14e3dbdb0aee2d2ab5dc8a8d3e2804ddb  guix-build-1f16c8c450cf/output/riscv64-linux-gnu/SHA256SUMS.part
9bc9adb727ce55009fda3ad46c95f0979c3dfc152582fff6b1b5a4fa0b2ce896  guix-build-1f16c8c450cf/output/riscv64-linux-gnu/bitcoin-1f16c8c450cf-riscv64-linux-gnu-debug.tar.gz
a096ed5558b12fd1d6d05d297076b6c0ce8b505944f7df0a42cb35b4219c7e48  guix-build-1f16c8c450cf/output/riscv64-linux-gnu/bitcoin-1f16c8c450cf-riscv64-linux-gnu.tar.gz
7de70ea7421d31c6b386b38390d664b28f34ca871f14f1eb90159eedf1854ea2  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/SHA256SUMS.part
0c27967dfbe444d0d871343cb77e78659995688bd965def30dacfae65a49ae5b  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx-unsigned.dmg
6e79012ffadccfbe1c2b290a778458b9147377e5b02132af269c7ff756433b16  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx-unsigned.tar.gz
52a5618adde25dc2e071ee2b31557510c09854e8b09cdac07b2365b87e1392e5  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx64.tar.gz
6bef6393a8f303019e20071ab58780092023ad53e00c79e4f577db4e192a57d7  guix-build-1f16c8c450cf/output/x86_64-linux-gnu/SHA256SUMS.part
eb6dd0d2b357c09e498be0394fb08943560be0bacd9fe226b2f1f611b86aef22  guix-build-1f16c8c450cf/output/x86_64-linux-gnu/bitcoin-1f16c8c450cf-x86_64-linux-gnu-debug.tar.gz
21b4abb30b080ff9439777e1e9a2dd871700a8b0bbe65d0653004a0954b1be4c  guix-build-1f16c8c450cf/output/x86_64-linux-gnu/bitcoin-1f16c8c450cf-x86_64-linux-gnu.tar.gz
4e8ed9ecd2fe0860c736262e2b4c61e41909d067efaee2530c52d4d6c608319a  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/SHA256SUMS.part
8e213c1d35de36a77a445fef7cd01ae1147cc5f61a9e6671dafe1a6e669d8167  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win-unsigned.tar.gz
72b948cca12632d6f6967c7365024147f98628b65abffe9950f724ae49bb24ad  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64-debug.zip
d34718f4080a477cac87c71af0c8f18c29b41005ae390f0fb20dc045ec7f9821  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64-setup-unsigned.exe
aff37ea83fd9e591054b12695edb8d2eafb43228020eee424ad3386dfbb6084e  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64.zip

dongcarl · 2021-10-26T18:24:05Z

Ooooh this is good info. I'm wondering if the debian mingw-w64 binutils version will still produce binaries with broken ASLR?

hebasto · 2021-10-26T18:27:04Z

I'm wondering if the debian mingw-w64 binutils version will still produce binaries with broken ASLR?

Do you mean mingw-w64 8.0 in Debian Bullseye?

dongcarl · 2021-10-26T19:07:34Z

Yes, and perhaps stretch since that is supposedly still supported.

fanquake · 2021-10-27T00:02:27Z

NACK. This just reduces security for anyone building with an older binutils.

hebasto · 2021-10-27T04:50:40Z

This just reduces security for anyone building with an older binutils.

A Guix build still available for everyone who concerns about security 🐅

NACK.

Closing.

laanwj · 2021-10-27T05:56:34Z

You could change this PR to instead add a comment that this is solved in newer binutils (if possible, include version number) and the workaround can estensibly go at some point. But yes, probably not now yet.

DrahtBot · 2021-10-27T11:26:50Z

Guix builds

File	commit `22a9018` (master)	commit 77722bc1c26c3745448d778168951fb09f872593 (master and this pull)
SHA256SUMS.part	`77e81cb53a713fbc...`	`a3808a11b924cd2d...`
*-aarch64-linux-gnu-debug.tar.gz	`f789ce2f3015ba6c...`	`7c1d7eaf433abed6...`
*-aarch64-linux-gnu.tar.gz	`305e63f9b6603216...`	`7149fe3c92325df0...`
*-arm-linux-gnueabihf-debug.tar.gz	`ab2c024277a36983...`	`e60f0423cc60f627...`
*-arm-linux-gnueabihf.tar.gz	`9b26444dc5a034d5...`	`f772c72bab3d5f4f...`
*-osx-unsigned.dmg	`e384ce08b75a002d...`	`bbdf0d081a5fa6f8...`
*-osx-unsigned.tar.gz	`4cc30fd6dfadb714...`	`0d95a2b509fb36b1...`
*-osx64.tar.gz	`93bb740d3f7a9116...`	`aabd755982ee22be...`
*-powerpc64-linux-gnu-debug.tar.gz	`ee9d613ba0a7d238...`	`75aa2a5a6b094174...`
*-powerpc64-linux-gnu.tar.gz	`af2ba22306aa685c...`	`9e0ce490e1501e4a...`
*-powerpc64le-linux-gnu-debug.tar.gz	`a6afe10c4314a0d1...`	`4fba813332a9ff18...`
*-powerpc64le-linux-gnu.tar.gz	`8163ae568c1842ce...`	`ae6f9a0f2186d97b...`
*-riscv64-linux-gnu-debug.tar.gz	`913b754b36ca2b88...`	`65941b3639126160...`
*-riscv64-linux-gnu.tar.gz	`bc593564247876d9...`	`5b6985adb2b4ea62...`
*-win-unsigned.tar.gz	`0823a02ad45558b3...`	`fa2bede8f60116fb...`
*-win64-debug.zip	`5fc8392bc83e7398...`	`cc201fccd4243618...`
*-win64-setup-unsigned.exe	`fa3569449be92a5b...`	`312ee72ba3940f0f...`
*-win64.zip	`f1389e70d96cfb4f...`	`ae59d608322a6224...`
*-x86_64-linux-gnu-debug.tar.gz	`e4e12eb40a12f856...`	`1d4556c7cf0f1e39...`
*-x86_64-linux-gnu.tar.gz	`7f14715bcb58b5db...`	`d73c3b9569f3dc89...`
*.tar.gz	`7290f01e94b5d7be...`	`d88b30b7631a4034...`
guix_build.log	`0256ff752409aace...`	`798678b1edcf47eb...`
guix_build.log.diff		`76865e64fce02eba...`

Revert "build: fix ASLR for bitcoin-cli on Windows"

1f16c8c

This reverts commit 315a4d3.

hebasto added Windows Build system labels Oct 26, 2021

maflcko added the DrahtBot Guix build requested label Oct 26, 2021

hebasto closed this Oct 27, 2021

hebasto deleted the 211026-win-aslr branch October 27, 2021 06:33

DrahtBot removed the DrahtBot Guix build requested label Oct 27, 2021

hebasto mentioned this pull request May 30, 2022

Consolidate Windows ASLR workarounds for upstream secp256k1 changes #25251

Merged

bitcoin locked and limited conversation to collaborators Oct 30, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Revert "build: fix ASLR for bitcoin-cli on Windows"#23360

Revert "build: fix ASLR for bitcoin-cli on Windows"#23360
hebasto wants to merge 1 commit intobitcoin:masterfrom
hebasto:211026-win-aslr

hebasto commented Oct 26, 2021

Uh oh!

hebasto commented Oct 26, 2021

Uh oh!

hebasto commented Oct 26, 2021

Uh oh!

dongcarl commented Oct 26, 2021

Uh oh!

hebasto commented Oct 26, 2021

Uh oh!

dongcarl commented Oct 26, 2021

Uh oh!

fanquake commented Oct 27, 2021

Uh oh!

hebasto commented Oct 27, 2021

Uh oh!

laanwj commented Oct 27, 2021 •

edited

Loading

Uh oh!

DrahtBot commented Oct 27, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

hebasto commented Oct 26, 2021

Uh oh!

hebasto commented Oct 26, 2021

Uh oh!

hebasto commented Oct 26, 2021

Guix builds:

Uh oh!

dongcarl commented Oct 26, 2021

Uh oh!

hebasto commented Oct 26, 2021

Uh oh!

dongcarl commented Oct 26, 2021

Uh oh!

fanquake commented Oct 27, 2021

Uh oh!

hebasto commented Oct 27, 2021

Uh oh!

laanwj commented Oct 27, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

DrahtBot commented Oct 27, 2021

Guix builds

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

laanwj commented Oct 27, 2021 •

edited

Loading