scripts: add MACHO PIE check to security-check.py #17787

pull fanquake wants to merge 2 commits into bitcoin:master from fanquake:add_macOS_to_security_check changing 4 files +46 −4
  1. fanquake commented at 9:53 pm on December 21, 2019: member

    This uses otool -vh to print the mach header and look for the PIE flag:

    0otool -vh src/bitcoind
    1Mach header
    2      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
    3MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    24       2544   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
    

    From mach-o/loader.h:

    0#define	MH_PIE 0x200000			/* When this bit is set, the OS will
    1					   load the main executable at a
    2					   random address.  Only used in
    3					   MH_EXECUTE filetypes. */
    
  2. fanquake added the label Scripts and tools on Dec 21, 2019
  3. fanquake added the label Needs gitian build on Dec 21, 2019
  4. fanquake force-pushed on Dec 21, 2019
  5. DrahtBot commented at 4:33 pm on December 22, 2019: member

    Gitian builds

    File commit 0cda5573405d75d695aba417e8f22f1301ded001(master) commit f410d10078d12fbee4f47df9c7e29b297ba7a392(master and this pull)
    bitcoin-0.19.99-aarch64-linux-gnu-debug.tar.gz d45b6f900ad661ea... 93a8059e2cdffdb3...
    bitcoin-0.19.99-aarch64-linux-gnu.tar.gz 0d5b111c83d134bf... 9167487fff9ad7cc...
    bitcoin-0.19.99-arm-linux-gnueabihf-debug.tar.gz 0f12415dcf859e8e... e75a9d75a26e452d...
    bitcoin-0.19.99-arm-linux-gnueabihf.tar.gz 0dce441a1e6df41a... c5c8189b9c717c06...
    bitcoin-0.19.99-i686-pc-linux-gnu-debug.tar.gz c4e07651af3cb61d... 98ae87f16c95d144...
    bitcoin-0.19.99-i686-pc-linux-gnu.tar.gz 087cf1d2ae102486... 42921990c000486d...
    bitcoin-0.19.99-osx-unsigned.dmg b583812828864f7d... 2295dfed050febcb...
    bitcoin-0.19.99-osx64.tar.gz 83118c41a5e8ab3a... 8d6c99c7edbfb41e...
    bitcoin-0.19.99-riscv64-linux-gnu-debug.tar.gz 646e482bdd697f0e... 98c7d4e40a60d91f...
    bitcoin-0.19.99-riscv64-linux-gnu.tar.gz cbb7b0cda942c159... 4a97a2c7253d56f7...
    bitcoin-0.19.99-win64-debug.zip 5bf356f7bad511aa... f53f54cfdaeeccfe...
    bitcoin-0.19.99-win64-setup-unsigned.exe 97cacb675d3fb6e4... 370dc4026a7ccc57...
    bitcoin-0.19.99-win64.zip 3f90fa82138f88a0... b7ee9164965b83f7...
    bitcoin-0.19.99-x86_64-linux-gnu-debug.tar.gz 7e12d1179ce41526... 84d615c7d0517be7...
    bitcoin-0.19.99-x86_64-linux-gnu.tar.gz 201eae397f68469c... 986fedb9008c669f...
    bitcoin-0.19.99.tar.gz ce92e2adf12e9a24... de9b2359a99ad168...
    bitcoin-core-linux-0.20-res.yml 2c0f16463c33dd1d... 738a63fe32b3818a...
    bitcoin-core-osx-0.20-res.yml 8d48bdfbe38d49f8... 21dca85dfab42b96...
    bitcoin-core-win-0.20-res.yml 2036e58d9fe61d32... c187ce1bed90bd44...
    linux-build.log a774272288af61e5... f7404ecce0c8e5c3...
    osx-build.log d4429e97d2b77379... c8f635e8973590fd...
    win-build.log 340a0fa5f46e0f2e... 993803432e73b05c...
    bitcoin-core-linux-0.20-res.yml.diff 3daa105a128c2617...
    bitcoin-core-osx-0.20-res.yml.diff 808a87d7dcd4cadd...
    bitcoin-core-win-0.20-res.yml.diff 77f34938030d086e...
    linux-build.log.diff 204824b486754bbf...
    osx-build.log.diff d0de63551862bd45...
    win-build.log.diff 02ffe7cdb7183fd2...
  6. DrahtBot removed the label Needs gitian build on Dec 22, 2019
  7. fanquake deleted a comment on Dec 22, 2019
  8. fanquake force-pushed on Jan 2, 2020
  9. fanquake commented at 6:39 am on January 2, 2020: member
    Fixed up some documentation, added a function to retrieve all MACH-O flags and an additional commit to check for NOUNDEFS.
  10. fanquake added the label Needs gitian build on Jan 2, 2020
  11. scripts: add MACHO PIE check to security-check.py 4ca92dc6d3
  12. scripts: add MACHO NOUNDEFS check to security-check.py 7c9e821c4e
  13. fanquake force-pushed on Jan 2, 2020
  14. laanwj commented at 11:46 am on January 2, 2020: member
    code review ACK 7c9e821c4e6cb186208ead9c8df616d1f393a49a
  15. laanwj referenced this in commit 0655c7a94c on Jan 2, 2020
  16. laanwj merged this on Jan 2, 2020
  17. laanwj closed this on Jan 2, 2020

  18. fanquake deleted the branch on Jan 2, 2020
  19. MarcoFalke commented at 3:20 pm on January 2, 2020: member

    (Ir)relevant, but related discussion from IRC:

     0[00:06] <wumpus> happy 2020 everyone
     1[00:12] <fanquake> wumpus 🎉
     2[00:12] <wumpus> lets do my first 'git pull' of the repository this decade
     3[00:15] <fanquake> Watch out for all the copyright headers 🙄
     4[00:16] <wumpus> that  causes make / ccache to forget everything resulting in a clean build for the new year!
     5[00:20] <fanquake> heh. Looking forward to another decade of bitcoind!
     6[00:21] <wumpus> yes!
     7[00:22] <wumpus> what would be cool to merge as first PR?
     8[00:23] <wumpus> [#10785](/bitcoin-bitcoin/10785/) would be nice
     9[00:23] <gribble> [#10785](/bitcoin-bitcoin/10785/) | Serialization improvements by sipa · Pull Request [#10785](/bitcoin-bitcoin/10785/) · bitcoin/bitcoin · GitHub
    10[00:24] <fanquake> Right now I can probably only tell you what would not be cool to merge
    11[00:24] <wumpus> very futuristic to have improved serialization for the new decade
    12[00:24] <wumpus> hehe yes
    13[00:26] <sipa> agree! ;)
    14[00:27] <fanquake> I'll be very biased, an suggest that [#17787](/bitcoin-bitcoin/17787/) is just a tiny bit "cool"
    15[00:27] <gribble> [#17787](/bitcoin-bitcoin/17787/) | scripts: add MACHO PIE check to security-check.py by fanquake · Pull Request [#17787](/bitcoin-bitcoin/17787/) · bitcoin/bitcoin · GitHub
    16[00:28] <sipa> MACHO does sound very cool
    17[00:30] <fanquake> Got some pie as well. Sounds like a good deal all round
    18[00:31] <wumpus> MACHO PIE
    19[00:32] <wumpus> it's good branding for security features
    20[00:35] <fanquake> macOS has all the cool flags heh
    21[00:35] <fanquake> NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
    
  20. MarcoFalke removed the label Needs gitian build on Jan 2, 2020
  21. sidhujag referenced this in commit 91fdb4cb1b on Jan 2, 2020
  22. sidhujag referenced this in commit fe6f5c0866 on Nov 10, 2020
  23. DrahtBot locked this on Feb 15, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-19 03:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me