I tried enabling the -fstack-protector flag and compiled Bitcoin-Qt on Windows. The resulting executable works, even the use of "-fstack-protector-all" caused no problems, so I'm asking to re-evaluate enabling of that flag in the Windows-builds.
A brief description of the feature can be found here: http://www.research.ibm.com/trl/projects/security/ssp/
Yes, I think it's a good idea to enable it for all operating systems unless there is a critical reason not to.
My memory is fuzzy, but was there some issue with enabling it for mingw and/or cross-compiles?
I compile under Windows with Qt Creator and mingw 4.4, which works. Perhaps one should test it with Gitian ;)?
I somehow don't think we added this warning just for fun:
QMAKE_LFLAGS += -fstack-protector
# do not enable this on windows, as it will result in a non-working executable!
I now remember that @thebluematt added this after the gitian-produced executable frustratingly didn't work. Might be that the underlying issue is solved but we should be really careful.
IIRC it was an issue with building using Ubuntu's i586-mingw32msvc-* compiling, though it may have worked on some other distro mingw packages, and possibly also on windows mingw builds. Though this causes issues for gitian, maybe it has been fixed in post-lucid Ubuntus?
Why not give it a try? If the resulting Windows executable is messed up disable the flag again and perhaps add when we last tried it and if it works it would be a nice security benefit for Windows users :).
Anyone willing to build an executable with this enabled? I'm glad to try it out on Windows ;).
Is there any way to enable ASLR with MinGW for the bitcoin-qt.exe? Even if we are unable to ship the official client with DEP / ASLR enabled, I would like to know how I can do this ^^.
Pass QMAKE_CXXFLAGS=-fstack-protector QMAKE_LFLAGS=-fstack-protector on the qmake command line
Nice find, I'll test this out with my build, perhaps a patch can be added later to enabled this for the official client.
I made positive progress on the mitigation techniques on Windows, but as long as the core devs don't care to (re-)test the -fstack-protector or even better -fstack-protector-all flag and take this issue more serious I don't mind creating a new patch ;).
Everytime Gavin is talking about security and I have a strong belief such compiler/linker hardening is one very important aspect of making the Bitcoin client more secure!
<pre> -fstack-protector Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits. -fstack-protector-all Like -fstack-protector except that all functions are protected. </pre>
@luke-jr I know you have that test-next project, which uses the official build-process ... could you try to enable the stack-protection on Windows with -fstack-protector-all!? I will be glad to test it. This needs to be looked at! We can be happy there are currently no known attacks on the client that use a buffer-overflow, but this will for sure help mitigate, if that happens in the future.
Do you need a pull?
I seem to recall the linker failed with stack protector, but maybe I was doing something wrong...
@luke-jr You are free to test: https://github.com/Diapolo/bitcoin/tree/stack-protector
@TheBlueMatt Could you give Jenkins a try on this? I would like to test a Gitian or static-compiled bitcoin-qt.exe to verify if it's usable now :).
Let's keep the discussion there, closing this