Bitcoin-Qt (Windows only): add ASLR and DEP linker flags #1673

pull Diapolo wants to merge 1 commits into bitcoin:master from Diapolo:Qt_Win_ASLR_DEP_linker_flag changing 1 files +3 −0
  1. Diapolo commented at 9:44 AM on August 14, 2012: none
    • for extra security on Windows: enable ASLR and DEP via GCC linker flags

    GCC linker flag description:
    --dynamicbase The image base address may be relocated using address space layout randomization (ASLR). This feature was introduced with MS Windows Vista for i386 PE targets.
    --nxcompat The image is compatible with the Data Execution Prevention. This feature was introduced with MS Windows XP SP2 for i386 PE targets.

    Tor project is also using this. Even if we don't want this for 0.7 it should be tested and talked about for a near release IMHO.

  2. BitcoinPullTester commented at 3:25 PM on August 14, 2012: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/021d2759489b14c09a98ad4f807ac22540e8fe93 for binaries and test log.

  3. Diapolo commented at 7:34 PM on August 14, 2012: none

    I tried the version from @BitcoinPullTester and it starts just fine, but Process Explorer shows ASLR as Disabled, which it does not for my local build with the linker flags from this patch.

  4. laanwj commented at 6:56 AM on August 16, 2012: member

    Maybe the cross-compiler ignores the arguments?

  5. Diapolo commented at 7:48 AM on August 16, 2012: none

    Does @BitcoinPullTester use an official Gitian build setup? I observed that it seems to use Qt 4.8.2 (which is nice), but I'm not sure what causes ASLR not to work or how this can be fixed.

    I used the qmake *= operator, which only adds the options if they are not present; perhaps I should try with default +=?

  6. sipa commented at 12:34 PM on August 17, 2012: member

    Using += won't hurt, but *= should work fine as well.

  7. sipa commented at 12:37 PM on August 17, 2012: member

    By the way, I'm not sure whether the "win32:" qualifier means "building for win32" or "building on win32", the latter not being true for the jenkins build.

  8. Diapolo commented at 12:50 PM on August 17, 2012: none

    @sipa The official qmake docs only mention win32:, while we seem to use windows: quite a lot in the project-file, but that is not what you observed, it looks like you could be right, see this.

        win32 {
            SOURCES += paintwidget_win.cpp
        }

    The above code will add the paintwidget_win.cpp file to the sources listed in the generated Makefile if qmake is used on a Windows platform. If qmake is used on a platform other than Windows, the define will be ignored.

    From: http://doc-snapshot.qt-project.org/4.8/qmake-advanced-usage.html

    But how can we enable linker-flags for Windows builds then? Would the condition be true for official Gitian builds?

  9. laanwj commented at 12:57 PM on August 17, 2012: member

    Could be that we explicitly need to tell qmake that we're cross building for windows.

    I think it would be pretty incredible though, if it had ignored the windows specific options all this time in gitian and we wouldn't have noticed it. What about the exceptions+threading fix, for example?

  10. sipa commented at 1:01 PM on August 17, 2012: member

    I just checked; all Windows-specific stuff enabled in bitcoin-qt.pro ends up being passed as command-line options in Jenkins' build log. @Diapolo Can you try changing the win32: qualifier to windows: ?

  11. Diapolo commented at 1:05 PM on August 17, 2012: none

    @sipa Updated to windows: I'll also check my makefiles and will try windows: and win32:.

  12. Diapolo commented at 1:08 PM on August 17, 2012: none

    On Windows it doesn't matter if I use win32: or windows:; all expected arguments are in the makefile after running qmake.

  13. Diapolo commented at 1:34 PM on August 17, 2012: none

    I also checked http://jenkins.bluematt.me/pull-tester/021d2759489b14c09a98ad4f807ac22540e8fe93/test.log and did not find -Wl,--dynamicbase -Wl,--nxcompat.

  14. TheBlueMatt commented at 4:50 PM on August 17, 2012: member

    @Diapolo I thought I grabbed the same versions of deps that the gitian file uses, but I might have just grabbed the latest Qt... However, I did use exactly the gitian script (minus a few faketimes, etc things that are only there to make it deterministic), so if you find the version it uses, running the same gitian scripts with that version should work fine.

  15. Diapolo commented at 4:53 PM on August 17, 2012: none

    @TheBlueMatt Thanks for that information, btw. I think we should use latest Qt for official builds, but that's not the matter here :). How does @BitcoinPullTester check if a pull changed or how long does it take after a new build is started after a rebase? Just asking, as I want to get this issue sorted out (missing linker-flags).

  16. TheBlueMatt commented at 4:57 PM on August 17, 2012: member

    It just constantly loops and checks if the tip commit on a pull is in its list of already-checked commits. If you push an update (wait a few minutes, and it's not already busy on another pull), you can see the test.log before the build is done by going to http://jenkins.bluematt.me/pull-tester/ and finding your new commit.

  17. BitcoinPullTester commented at 9:45 PM on August 17, 2012: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/f5ab15b1bf82210c4d71e517730bc6806cbcfd48 for binaries and test log.

  18. Diapolo commented at 10:37 PM on August 17, 2012: none

    The usage of windows: doesn't change anything, still -Wl,--dynamicbase -Wl,--nxcompat is missing from Makefile.Release and the test.log. I'll now try with += instead of *= ... any other ideas are welcome. I just saw that the cross-compilation seems unsupported / unofficial, could this be the reason?

  19. Diapolo commented at 10:49 PM on August 17, 2012: none

    @TheBlueMatt It seems to me that RELEASE=1 is missing in the test.log's qmake-calls, could this be true?

  20. Diapolo commented at 11:10 PM on August 17, 2012: none

    Latest rebase moves the linker-flags out of the RELEASE=1 scope (for testing only, so DON'T MERGE THIS YET). If the flags then occur in the makefile or test.log we know the missing RELEASE=1 qmake-flag is the cause.

  21. TheBlueMatt commented at 12:07 AM on August 18, 2012: member

    No, RELEASE=1 is not in the qmake spec that pull-tester calls...why do we need to only apply ASLR and DEP to RELEASE=1 binaries? Also, afaik, the only two options are RELEASE=1 or DEBUG=1, and RELEASE is the default (though not set if you check for it as a var) maybe there is a different way to check if you are doing a RELEASE build? (because it generally creates two makefiles, a Makefile.Release and Makefile.Debug, and by default, uses the Release version)

  22. BitcoinPullTester commented at 2:31 AM on August 18, 2012: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/683860efbff033d63a52cf6dbf8322450fd49711 for binaries and test log.

  23. laanwj commented at 5:51 AM on August 18, 2012: member

    I think it's fine to enable the flags for both release and debug builds. Good to keep debug and release as close as possible to prevent surprises.

    Unlike some kinds of optimizations, debuggers don't choke on DEP and ASLR do they?

  24. BitcoinPullTester commented at 7:35 AM on August 18, 2012: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/bcfdeb63b74bb899c6b78add6e47a5eb4c33bc02 for binaries and test log.

  25. laanwj commented at 7:41 AM on August 18, 2012: member

    bitcoin-qt.exe: DllCharacteristics 00000140

    It worked!

  26. Bitcoin-Qt (Windows only): add ASLR and DEP linker flags
    - for extra security on Windows: enable ASLR and DEP via GCC linker flags
    
    GCC linker flag description:
    --dynamicbase  The image base address may be relocated using address space layout randomization (ASLR). This feature was introduced with MS Windows Vista for i386 PE targets.
    --nxcompat The image is compatible with the Data Execution Prevention.
    This feature was introduced with MS Windows XP SP2 for i386 PE targets.
    8e2ebc0106
  27. Diapolo commented at 8:58 AM on August 18, 2012: none

    Verified to be active now, as the flags occur in the test.log and the running exe shows ASLR as Enabled now.

    ASLR working

    The last rebase just removed the indention and updated the commit message and comment.

  28. laanwj referenced this in commit 221497c61b on Aug 18, 2012
  29. laanwj merged this on Aug 18, 2012
  30. laanwj closed this on Aug 18, 2012

  31. Diapolo commented at 9:48 AM on August 18, 2012: none

    @sipa If we want this for bitcoind.exe on Windows, where do we need to add the linker flags?

  32. suprnurd referenced this in commit 52cd4d40d8 on Dec 5, 2017
  33. DrahtBot locked this on Sep 8, 2021


This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 03:15 UTC
