Skip to content

Enable (and check for) 64-bit ASLR on Windows#8249

Merged
laanwj merged 2 commits intobitcoin:masterfrom
laanwj:2016_06_windows64_security
Sep 26, 2016
Merged

Enable (and check for) 64-bit ASLR on Windows#8249
laanwj merged 2 commits intobitcoin:masterfrom
laanwj:2016_06_windows64_security

Conversation

@laanwj
Copy link
Member

@laanwj laanwj commented Jun 23, 2016

See #8248 for more information.

@laanwj laanwj added the Windows label Jun 23, 2016
@laanwj
Copy link
Member Author

laanwj commented Jun 23, 2016
edited
Loading

Ugh, looks like the mingw64 ld on Trusty doesn't support this:

checking host system type... x86_64-w64-mingw32
...
checking whether the linker accepts -Wl,--high-entropy-va... no

user@trusty:~$ i686-w64-mingw32-ld --version
GNU ld (GNU Binutils) 2.23.52.20130620
Copyright 2013 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License version 3 or (at your option) a later version.
This program has absolutely no warranty.

Minimum version would be binutils 2.25: https://sourceware.org/ml/binutils/2014-08/msg00167.html.

We should look at upgrading the build image to 16.04 LTS after the 0.13 release, this will also resolve the heap initialize-to-zero issue we currently have to work around.

@laanwj laanwj added this to the 0.14 milestone Jun 23, 2016
@luke-jr
Copy link
Member

luke-jr commented Sep 10, 2016

Maybe have configure check if this is supported, so it can be built both ways?

@laanwj
Copy link
Member Author

laanwj commented Sep 14, 2016
edited
Loading

Maybe have configure check if this is supported, so it can be built both ways?

That's what the check_link_flag already does. It's just the security check that fails after the build. If you don't run that, this pull works fine w/ older gccs.

@laanwj
Copy link
Member Author

laanwj commented Sep 21, 2016

@theuni @luke-jr What if I change this to make the extra security check non-fatal, issue a warning for now?
This is still useful to have in the future if we ever get to the end of #8653 and the xenial mess cleaned up.
Otherwise I'm going to close it for now.

@theuni
Copy link
Member

theuni commented Sep 22, 2016

@laanwj ACK on making it non-fatal for now. Optimally with some kind of switch to elevate warnings to errors like -Werror. That way we could set it as a real error in gitian when it should be supported, even though we allow older toolchains to configure with warnings.

I'm still head-down in toolchain stuff, maybe we can have this turned on for 0.14.

@laanwj
devtools: Check for high-entropy ASLR in 64-bit PE executables
9a75d29 
check_PE_PIE only checked for DYNAMIC_BASE, this is not enough
for (secure) ASLR on 64-bit.
@laanwj
build: supply -Wl,--high-entropy-va
62c2915 
This should enable high-entropy ASLR on 64-bit targets, for better
mitigation of exploits.
@laanwj laanwj force-pushed the 2016_06_windows64_security branch from 2eb2873 to 62c2915 Compare September 26, 2016 10:58
@laanwj
Copy link
Member Author

laanwj commented Sep 26, 2016
edited
Loading

I split off the high entropy check and added this to the security-checks for now:

NONFATAL = {'HIGH_ENTROPY_VA'} # checks which are non-fatal for now but only generate a warning

I didn't find it worth the trouble to add a command-line option. The script can just be updated once we switch build platforms. The security check script exists for our releases, nothing else.

@laanwj laanwj merged commit 62c2915 into bitcoin:master Sep 26, 2016
laanwj added a commit that referenced this pull request Sep 26, 2016
@laanwj
Merge #8249: Enable (and check for) 64-bit ASLR on Windows
4e1567a 
62c2915 build: supply `-Wl,--high-entropy-va` (Wladimir J. van der Laan)
9a75d29 devtools: Check for high-entropy ASLR in 64-bit PE executables (Wladimir J. van der Laan)
@str4d str4d mentioned this pull request Dec 1, 2017
Merged
zkbot added a commit to zcash/zcash that referenced this pull request Dec 1, 2017
@zkbot
Auto merge of #2786 - str4d:2074-build, r=<try>
6aef403 
Build system improvements

Includes commits cherry-picked from the following upstream PRs:

- bitcoin/bitcoin#6978
  - Only the first commit (second is for QT)
- bitcoin/bitcoin#7059
- bitcoin/bitcoin#7603
  - Only the first commit (the rest are for QT)
- bitcoin/bitcoin#7954
- bitcoin/bitcoin#8314
  - Only the second commit (first is for QT)
- bitcoin/bitcoin#8504
  - Only the first commit (second was undoing something we didn't have)
- bitcoin/bitcoin#8520
- bitcoin/bitcoin#8563
- bitcoin/bitcoin#8249
- bitcoin/bitcoin#9156
- bitcoin/bitcoin#9831
- bitcoin/bitcoin#9789
- bitcoin/bitcoin#10766

Part of #2074.
@str4d str4d mentioned this pull request Dec 15, 2017
Open
zkbot added a commit to zcash/zcash that referenced this pull request Dec 15, 2017
@zkbot
Auto merge of #2786 - str4d:2074-build, r=str4d
83af270 
Build system improvements

Includes commits cherry-picked from the following upstream PRs:

- bitcoin/bitcoin#6978
  - Only the first commit (second is for QT)
- bitcoin/bitcoin#7059
- bitcoin/bitcoin#7603
  - Only the first commit (without the `BITCOIN_QT_BIN` variable; the rest are for QT)
- bitcoin/bitcoin#7954
- bitcoin/bitcoin#8314
  - Only the second commit (first is for QT)
- bitcoin/bitcoin#8504
  - Only the first commit (second was undoing something we didn't have)
- bitcoin/bitcoin#8520
- bitcoin/bitcoin#8563
- bitcoin/bitcoin#8249
- bitcoin/bitcoin#9156
- bitcoin/bitcoin#9831
- bitcoin/bitcoin#9789
- bitcoin/bitcoin#10766

Part of #2074.
codablock pushed a commit to codablock/dash that referenced this pull request Jan 11, 2018
@laanwj @codablock
Merge bitcoin#8249: Enable (and check for) 64-bit ASLR on Windows
8edc2a7 
62c2915 build: supply `-Wl,--high-entropy-va` (Wladimir J. van der Laan)
9a75d29 devtools: Check for high-entropy ASLR in 64-bit PE executables (Wladimir J. van der Laan)
kotodev pushed a commit to koto-dev/koto.old that referenced this pull request Jan 25, 2018
@zkbot @kotodev
Auto merge of #2786 - str4d:2074-build, r=str4d
c8a979f 
Build system improvements

Includes commits cherry-picked from the following upstream PRs:

- bitcoin/bitcoin#6978
  - Only the first commit (second is for QT)
- bitcoin/bitcoin#7059
- bitcoin/bitcoin#7603
  - Only the first commit (without the `BITCOIN_QT_BIN` variable; the rest are for QT)
- bitcoin/bitcoin#7954
- bitcoin/bitcoin#8314
  - Only the second commit (first is for QT)
- bitcoin/bitcoin#8504
  - Only the first commit (second was undoing something we didn't have)
- bitcoin/bitcoin#8520
- bitcoin/bitcoin#8563
- bitcoin/bitcoin#8249
- bitcoin/bitcoin#9156
- bitcoin/bitcoin#9831
- bitcoin/bitcoin#9789
- bitcoin/bitcoin#10766

Part of #2074.
renium9 added a commit to koto-dev/koto.old that referenced this pull request Feb 6, 2018
@renium9
Auto merge of #2786 - str4d:2074-build, r=str4d
23640da 
Build system improvements

Includes commits cherry-picked from the following upstream PRs:

- bitcoin/bitcoin#6978
  - Only the first commit (second is for QT)
- bitcoin/bitcoin#7059
- bitcoin/bitcoin#7603
  - Only the first commit (without the `BITCOIN_QT_BIN` variable; the rest are for QT)
- bitcoin/bitcoin#7954
- bitcoin/bitcoin#8314
  - Only the second commit (first is for QT)
- bitcoin/bitcoin#8504
  - Only the first commit (second was undoing something we didn't have)
- bitcoin/bitcoin#8520
- bitcoin/bitcoin#8563
- bitcoin/bitcoin#8249
- bitcoin/bitcoin#9156
- bitcoin/bitcoin#9831
- bitcoin/bitcoin#9789
- bitcoin/bitcoin#10766

Part of #2074.

# Conflicts:
#	configure.ac
#	src/Makefile.am
#	src/Makefile.gtest.include
#	src/Makefile.test.include
#	zcutil/build.sh
andvgal pushed a commit to energicryptocurrency/gen2-energi that referenced this pull request Jan 6, 2019
@laanwj @andvgal
Merge bitcoin#8249: Enable (and check for) 64-bit ASLR on Windows
07d8514 
62c2915 build: supply `-Wl,--high-entropy-va` (Wladimir J. van der Laan)
9a75d29 devtools: Check for high-entropy ASLR in 64-bit PE executables (Wladimir J. van der Laan)
@fanquake fanquake mentioned this pull request Apr 28, 2020
Merged
laanwj added a commit that referenced this pull request May 14, 2020
@laanwj
Merge #18796: scripts: security-check.py refactors
2d7489b 
eacedfb scripts: add additional type annotations to security-check.py (fanquake)
83d063e scripts: add run_command to security-check.py (fanquake)
13f606b scripts: remove NONFATAL from security-check.py (fanquake)
061acf6 scripts: no-longer check for 32 bit windows in security-check.py (fanquake)

Pull request description:

  * Remove 32-bit Windows checks.
  * Remove NONFATAL checking. Added in #8249, however unused since #13764.
  * Add `run_command` to de-duplicate all of the subprocess calls. Mentioned in #18713.
  * Add additional type annotations.
  * Print stderr when there is an issue running a command.

ACKs for top commit:
  laanwj:
    ACK eacedfb

Tree-SHA512: 69a7ccfdf346ee202b3e8f940634c5daed1d2b5a5d15ac9800252866ba3284ec66e391a66a0b341f5a4e5e8482fe1b614d4671e8e766112ff059405081184a85
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

Windows

Projects

None yet

Milestone

0.14.0

Development

Successfully merging this pull request may close these issues.

4 participants

@laanwj @luke-jr @theuni @fanquake