build: fix ASLR for bitcoin-cli on Windows #18702

pull fanquake wants to merge 1 commits into bitcoin:master from fanquake:fix_pe_cli_aslr changing 1 files +10 −2
  1. fanquake commented at 2:57 am on April 19, 2020: member

    ASLR is not currently working for the bitcoin-cli.exe binary. This is due to it not having a .reloc section, which is stripped by default by the mingw-w64 ld we use for gitian builds. A good summary of issues with ld and mingw-w64 is available in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

    All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently having working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

    This change is a temporary workaround, also the same one described here: https://www.kb.cert.org/vuls/id/307144/, that causes main() to be exported. Exporting a symbol will mean that the .reloc section is not stripped, and ASLR will function correctly.

    Ultimately, this will be fixed by using a newer version of binutils (that has this change). Whether that’s through bumping our gitian distro, or Guix.

    Related to #18629, which has a bunch of additional information in the PR description. If you would like to verify whether or not ASLR is indeed working, with or without this change. One easy way to check is using a tool like VMMap.

    Here are the memory mappings for the 0.20.0rc1 bitcoind.exe and bitcoin-cli.exe binaries. You’ll notice that over machine restarts, even though the image is marked (ASLR) (which I assume may be due to the header bit being set), no ASLR is actually occuring for bitcoin-cli.exe:

    bitcoind.exe

    bitcoind-1

    bitcoind-2

    bitcoind-3

    bitcoin-cli.exe

    bitcoin-cli-1

    bitcoin-cli-2

    bitcoin-cli-3

  2. build: fix ASLR for bitcoin-cli on Windows 
    ASLR is not currently working for the bitcoin-cli.exe binary. This is
due to it not having a .reloc section, which is stripped by default by
the mingw-w64 ld we use for gitian builds. A good summary of issues with
ld and mingw-w64 is available in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt,
bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue,
and currently having working ASLR. This is due to them exporting
(inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc
section is not stripped by ld.

This change is a temporary workaround, also the same one described here:
https://www.kb.cert.org/vuls/id/307144/, that causes main() to be
exported. Exporting a symbol will mean that the .reloc section is not
stripped, and ASLR will function correctly.
    315a4d36f7
  3. fanquake added the label Windows on Apr 19, 2020
  4. fanquake added the label Build system on Apr 19, 2020
  5. fanquake added the label Needs gitian build on Apr 19, 2020
  6. DrahtBot commented at 8:43 pm on April 19, 2020: member

    Gitian builds

    File commit 6ae99aab5d97b06d46ff940111b290f1eeb90045(master) commit d237dea61c1868cce7415e21f37667b2b7de8097(master and this pull)
    bitcoin-0.20.99-aarch64-linux-gnu-debug.tar.gz 9e74baea5087f75d... 17b7170b00c0dd88...
    bitcoin-0.20.99-aarch64-linux-gnu.tar.gz b97f8fed4ef242bc... da9a6944b9be6b4c...
    bitcoin-0.20.99-arm-linux-gnueabihf-debug.tar.gz c3cafca0d2c385b7... e6676a2849cfa71b...
    bitcoin-0.20.99-arm-linux-gnueabihf.tar.gz 9cf7842f6c7e72f9... d71bb140861e5eca...
    bitcoin-0.20.99-osx-unsigned.dmg b8882f2b1e257bee... 52df1d0523647495...
    bitcoin-0.20.99-osx64.tar.gz 9100c2ace54ffeb2... 4985eb0096483c4c...
    bitcoin-0.20.99-riscv64-linux-gnu-debug.tar.gz e3794553bdeb3406... 0345a24d96cca6a2...
    bitcoin-0.20.99-riscv64-linux-gnu.tar.gz 3d60c7b6ad3a3b7a... 0783727f20114c82...
    bitcoin-0.20.99-win64-debug.zip 923a2a8d708b1196... 8d339f57d6fe94e3...
    bitcoin-0.20.99-win64-setup-unsigned.exe 4fd60fb4ee6d252a... 55d2abd0b43819dc...
    bitcoin-0.20.99-win64.zip 014a0e245da57de1... f22edf0c92378827...
    bitcoin-0.20.99-x86_64-linux-gnu-debug.tar.gz 6b72060bfdf9cd8a... e289c83cd70e9e33...
    bitcoin-0.20.99-x86_64-linux-gnu.tar.gz d2e0d4726ecd84f6... 0a21c16ad59f670b...
    bitcoin-0.20.99.tar.gz 5f8eaab85a59877b... 5b40dd5eeb98dabb...
    bitcoin-core-linux-0.21-res.yml b9c0b8516f1f7476... 3002aa03ee950e1b...
    bitcoin-core-osx-0.21-res.yml aa56d3073ba6853c... e64d1a4f3ec80411...
    bitcoin-core-win-0.21-res.yml 127d7553b4c8553c... fa50baed0f18ce1f...
    linux-build.log 826d7ba2297e1251... 12a723ef0886c1f0...
    osx-build.log a889d7e96df8cc6a... 18583e3a9431da5f...
    win-build.log 6311c7e3c77d0b67... 33da40887ebdda26...
    bitcoin-core-linux-0.21-res.yml.diff e14541ca07136f09...
    bitcoin-core-osx-0.21-res.yml.diff 5cbb2d4ee9620e1b...
    bitcoin-core-win-0.21-res.yml.diff a10fe6ab80d289a3...
    linux-build.log.diff 758faaa56e5468ec...
    osx-build.log.diff 66114758316db2da...
    win-build.log.diff a4119d365f724743...
  7. DrahtBot removed the label Needs gitian build on Apr 19, 2020
  8. dongcarl commented at 10:51 am on April 20, 2020: member
    ACK 315a4d36f716341a38bc4e4de8630b3246d27dbc Travis failure seems to be because of #18691
  9. laanwj commented at 10:19 am on April 22, 2020: member

    Thanks for the clear description of the issue in the OP and comment.

    ACK 315a4d36f716341a38bc4e4de8630b3246d27dbc

    (restarted failed travis run)

  10. laanwj added the label Needs backport (0.20) on Apr 22, 2020
  11. laanwj merged this on Apr 22, 2020
  12. laanwj closed this on Apr 22, 2020
  13. fanquake deleted the branch on Apr 23, 2020
  14. sidhujag referenced this in commit b1034e7ce6 on Apr 23, 2020
  15. fanquake referenced this in commit 6986b26346 on Apr 23, 2020
  16. fanquake removed the label Needs backport (0.20) on Apr 23, 2020
  17. laanwj referenced this in commit fb5b098598 on May 11, 2020
  18. fanquake referenced this in commit c7ba085789 on Jan 15, 2021
  19. fanquake referenced this in commit c061800bb1 on Jan 15, 2021
  20. laanwj referenced this in commit 7acda55c4f on Jan 17, 2021
  21. sidhujag referenced this in commit dd5dc2411a on Jan 17, 2021
  22. remyers referenced this in commit 122e0f568a on Jan 26, 2021
  23. backpacker69 referenced this in commit 977d0576d3 on Mar 28, 2021
  24. DrahtBot locked this on Feb 15, 2022


fanquake DrahtBot dongcarl laanwj

Labels
Windows Build system

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-29 01:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me