Revert “build: fix ASLR for bitcoin-cli on Windows” #23360

pull hebasto wants to merge 1 commits into bitcoin:master from hebasto:211026-win-aslr changing 1 files +2 −10
  1. hebasto commented at 10:42 am on October 26, 2021: member

    I found it possible to revert #18702 for the following reasons:

    • guix bitcoin-cli.exe binary passes security-check.py
    • VMMap tool shows that ASLR is indeed working for bitcoin-cli.exe (rebooted between screenshots):

    Screenshot from 2021-10-26 13-34-20

    Screenshot from 2021-10-26 13-34-46

    Screenshot from 2021-10-26 13-35-14

  2. Revert "build: fix ASLR for bitcoin-cli on Windows" 
    This reverts commit 315a4d36f716341a38bc4e4de8630b3246d27dbc.
    1f16c8c450
  3. hebasto added the label Windows on Oct 26, 2021
  4. hebasto added the label Build system on Oct 26, 2021
  5. hebasto commented at 10:42 am on October 26, 2021: member
    cc @fanquake @dongcarl
  6. MarcoFalke added the label DrahtBot Guix build requested on Oct 26, 2021
  7. hebasto commented at 2:17 pm on October 26, 2021: member

    Guix builds:

     0$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
 1d375f9daea0a5dd6d045be33564cff99aa98abcb7bb6d850d57ff7328c12bae9  guix-build-1f16c8c450cf/output/aarch64-linux-gnu/SHA256SUMS.part
 282d1adde08bdd95d4d607879c31e170dc038cebbf86dc0816a52146d755504c4  guix-build-1f16c8c450cf/output/aarch64-linux-gnu/bitcoin-1f16c8c450cf-aarch64-linux-gnu-debug.tar.gz
 3ca81a4db522b9d72e09f3442c3c0b282e3208dda06896d6116cbb62555b33e7e  guix-build-1f16c8c450cf/output/aarch64-linux-gnu/bitcoin-1f16c8c450cf-aarch64-linux-gnu.tar.gz
 4eaa4b3957a14a125528dfe46d132a1ec86a20079c49d17e5b966ec15f3bd4d80  guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/SHA256SUMS.part
 5cbdfb60d6807c2a1d090c23d4540db2902235f01d90868eab93ef20bfcd1f7c0  guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/bitcoin-1f16c8c450cf-arm-linux-gnueabihf-debug.tar.gz
 6ef00dd64911a9aa0c95dc139c76e0ffddc2b1aa0257b1ae337341fb791d9ee4e  guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/bitcoin-1f16c8c450cf-arm-linux-gnueabihf.tar.gz
 708ca12ce07075ff60850b207903e00e98e4348355076a8dd763b885c05963957  guix-build-1f16c8c450cf/output/dist-archive/bitcoin-1f16c8c450cf.tar.gz
 8db361957e241eafabe56aaa91752ebd727ad7e34c212ff80269c1ffc8c90f4a2  guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/SHA256SUMS.part
 915ebbb20ff7b07bf7cdb5658702617141b1ca92d77fb641339ba4e0c856bf959  guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/bitcoin-1f16c8c450cf-powerpc64-linux-gnu-debug.tar.gz
10b17bf752615192657f8a1d3c95d905965f1257aff8ff5b552944f534931d5785  guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/bitcoin-1f16c8c450cf-powerpc64-linux-gnu.tar.gz
119d05e31fa7d8669e97ee278628e17e85b6ad52c505909271fd98cc329cd8d470  guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/SHA256SUMS.part
121e116725623d8102f2f7b8d7357888ca533ee7bb66419ab3962f3e5f674f872c  guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/bitcoin-1f16c8c450cf-powerpc64le-linux-gnu-debug.tar.gz
13ae4f25345a00807a8405fccc921ff13045c5b7f76c369305b240f00d6e0c75b9  guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/bitcoin-1f16c8c450cf-powerpc64le-linux-gnu.tar.gz
1419d00f1438324047dfbd51ece15b0fb14e3dbdb0aee2d2ab5dc8a8d3e2804ddb  guix-build-1f16c8c450cf/output/riscv64-linux-gnu/SHA256SUMS.part
159bc9adb727ce55009fda3ad46c95f0979c3dfc152582fff6b1b5a4fa0b2ce896  guix-build-1f16c8c450cf/output/riscv64-linux-gnu/bitcoin-1f16c8c450cf-riscv64-linux-gnu-debug.tar.gz
16a096ed5558b12fd1d6d05d297076b6c0ce8b505944f7df0a42cb35b4219c7e48  guix-build-1f16c8c450cf/output/riscv64-linux-gnu/bitcoin-1f16c8c450cf-riscv64-linux-gnu.tar.gz
177de70ea7421d31c6b386b38390d664b28f34ca871f14f1eb90159eedf1854ea2  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/SHA256SUMS.part
180c27967dfbe444d0d871343cb77e78659995688bd965def30dacfae65a49ae5b  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx-unsigned.dmg
196e79012ffadccfbe1c2b290a778458b9147377e5b02132af269c7ff756433b16  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx-unsigned.tar.gz
2052a5618adde25dc2e071ee2b31557510c09854e8b09cdac07b2365b87e1392e5  guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx64.tar.gz
216bef6393a8f303019e20071ab58780092023ad53e00c79e4f577db4e192a57d7  guix-build-1f16c8c450cf/output/x86_64-linux-gnu/SHA256SUMS.part
22eb6dd0d2b357c09e498be0394fb08943560be0bacd9fe226b2f1f611b86aef22  guix-build-1f16c8c450cf/output/x86_64-linux-gnu/bitcoin-1f16c8c450cf-x86_64-linux-gnu-debug.tar.gz
2321b4abb30b080ff9439777e1e9a2dd871700a8b0bbe65d0653004a0954b1be4c  guix-build-1f16c8c450cf/output/x86_64-linux-gnu/bitcoin-1f16c8c450cf-x86_64-linux-gnu.tar.gz
244e8ed9ecd2fe0860c736262e2b4c61e41909d067efaee2530c52d4d6c608319a  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/SHA256SUMS.part
258e213c1d35de36a77a445fef7cd01ae1147cc5f61a9e6671dafe1a6e669d8167  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win-unsigned.tar.gz
2672b948cca12632d6f6967c7365024147f98628b65abffe9950f724ae49bb24ad  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64-debug.zip
27d34718f4080a477cac87c71af0c8f18c29b41005ae390f0fb20dc045ec7f9821  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64-setup-unsigned.exe
28aff37ea83fd9e591054b12695edb8d2eafb43228020eee424ad3386dfbb6084e  guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64.zip
  8. dongcarl commented at 6:24 pm on October 26, 2021: member
    Ooooh this is good info. I’m wondering if the debian mingw-w64 binutils version will still produce binaries with broken ASLR?
  9. hebasto commented at 6:27 pm on October 26, 2021: member

    I’m wondering if the debian mingw-w64 binutils version will still produce binaries with broken ASLR?

    Do you mean mingw-w64 8.0 in Debian Bullseye?

  10. dongcarl commented at 7:07 pm on October 26, 2021: member
    Yes, and perhaps stretch since that is supposedly still supported.
  11. fanquake commented at 0:02 am on October 27, 2021: member
    NACK. This just reduces security for anyone building with an older binutils.
  12. hebasto commented at 4:50 am on October 27, 2021: member

    This just reduces security for anyone building with an older binutils.

    A Guix build still available for everyone who concerns about security :tiger2:

    NACK.

    Closing.

  13. hebasto closed this on Oct 27, 2021
  14. laanwj commented at 5:56 am on October 27, 2021: member
    You could change this PR to instead add a comment that this is solved in newer binutils (if possible, include version number) and the workaround can estensibly go at some point. But yes, probably not now yet.
  15. hebasto deleted the branch on Oct 27, 2021
  16. DrahtBot commented at 11:26 am on October 27, 2021: member

    Guix builds

    File commit 22a90186496aea8025316bc5616905ffcf1aeb29(master) commit 77722bc1c26c3745448d778168951fb09f872593(master and this pull)
    SHA256SUMS.part 77e81cb53a713fbc... a3808a11b924cd2d...
    *-aarch64-linux-gnu-debug.tar.gz f789ce2f3015ba6c... 7c1d7eaf433abed6...
    *-aarch64-linux-gnu.tar.gz 305e63f9b6603216... 7149fe3c92325df0...
    *-arm-linux-gnueabihf-debug.tar.gz ab2c024277a36983... e60f0423cc60f627...
    *-arm-linux-gnueabihf.tar.gz 9b26444dc5a034d5... f772c72bab3d5f4f...
    *-osx-unsigned.dmg e384ce08b75a002d... bbdf0d081a5fa6f8...
    *-osx-unsigned.tar.gz 4cc30fd6dfadb714... 0d95a2b509fb36b1...
    *-osx64.tar.gz 93bb740d3f7a9116... aabd755982ee22be...
    *-powerpc64-linux-gnu-debug.tar.gz ee9d613ba0a7d238... 75aa2a5a6b094174...
    *-powerpc64-linux-gnu.tar.gz af2ba22306aa685c... 9e0ce490e1501e4a...
    *-powerpc64le-linux-gnu-debug.tar.gz a6afe10c4314a0d1... 4fba813332a9ff18...
    *-powerpc64le-linux-gnu.tar.gz 8163ae568c1842ce... ae6f9a0f2186d97b...
    *-riscv64-linux-gnu-debug.tar.gz 913b754b36ca2b88... 65941b3639126160...
    *-riscv64-linux-gnu.tar.gz bc593564247876d9... 5b6985adb2b4ea62...
    *-win-unsigned.tar.gz 0823a02ad45558b3... fa2bede8f60116fb...
    *-win64-debug.zip 5fc8392bc83e7398... cc201fccd4243618...
    *-win64-setup-unsigned.exe fa3569449be92a5b... 312ee72ba3940f0f...
    *-win64.zip f1389e70d96cfb4f... ae59d608322a6224...
    *-x86_64-linux-gnu-debug.tar.gz e4e12eb40a12f856... 1d4556c7cf0f1e39...
    *-x86_64-linux-gnu.tar.gz 7f14715bcb58b5db... d73c3b9569f3dc89...
    *.tar.gz 7290f01e94b5d7be... d88b30b7631a4034...
    guix_build.log 0256ff752409aace... 798678b1edcf47eb...
    guix_build.log.diff 76865e64fce02eba...
  17. DrahtBot removed the label DrahtBot Guix build requested on Oct 27, 2021
  18. DrahtBot locked this on Oct 30, 2022


hebasto dongcarl fanquake laanwj DrahtBot

Labels
Windows Build system

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-09-29 01:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me