I found it possible to revert #18702 for the following reasons:
- guix
bitcoin-cli.exebinary passessecurity-check.py - VMMap tool shows that ASLR is indeed working for
bitcoin-cli.exe(rebooted between screenshots):
Revert "build: fix ASLR for bitcoin-cli on Windows" #23360
pull hebasto wants to merge 1 commits into bitcoin:master from hebasto:211026-win-aslr changing 1 files +2 −10-
hebasto commented at 10:42 AM on October 26, 2021: member
-
1f16c8c450
Revert "build: fix ASLR for bitcoin-cli on Windows"
This reverts commit 315a4d36f716341a38bc4e4de8630b3246d27dbc.
- hebasto added the label Windows on Oct 26, 2021
- hebasto added the label Build system on Oct 26, 2021
-
- MarcoFalke added the label DrahtBot Guix build requested on Oct 26, 2021
-
hebasto commented at 2:17 PM on October 26, 2021: member
Guix builds:
$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum d375f9daea0a5dd6d045be33564cff99aa98abcb7bb6d850d57ff7328c12bae9 guix-build-1f16c8c450cf/output/aarch64-linux-gnu/SHA256SUMS.part 82d1adde08bdd95d4d607879c31e170dc038cebbf86dc0816a52146d755504c4 guix-build-1f16c8c450cf/output/aarch64-linux-gnu/bitcoin-1f16c8c450cf-aarch64-linux-gnu-debug.tar.gz ca81a4db522b9d72e09f3442c3c0b282e3208dda06896d6116cbb62555b33e7e guix-build-1f16c8c450cf/output/aarch64-linux-gnu/bitcoin-1f16c8c450cf-aarch64-linux-gnu.tar.gz eaa4b3957a14a125528dfe46d132a1ec86a20079c49d17e5b966ec15f3bd4d80 guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/SHA256SUMS.part cbdfb60d6807c2a1d090c23d4540db2902235f01d90868eab93ef20bfcd1f7c0 guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/bitcoin-1f16c8c450cf-arm-linux-gnueabihf-debug.tar.gz ef00dd64911a9aa0c95dc139c76e0ffddc2b1aa0257b1ae337341fb791d9ee4e guix-build-1f16c8c450cf/output/arm-linux-gnueabihf/bitcoin-1f16c8c450cf-arm-linux-gnueabihf.tar.gz 08ca12ce07075ff60850b207903e00e98e4348355076a8dd763b885c05963957 guix-build-1f16c8c450cf/output/dist-archive/bitcoin-1f16c8c450cf.tar.gz db361957e241eafabe56aaa91752ebd727ad7e34c212ff80269c1ffc8c90f4a2 guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/SHA256SUMS.part 15ebbb20ff7b07bf7cdb5658702617141b1ca92d77fb641339ba4e0c856bf959 guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/bitcoin-1f16c8c450cf-powerpc64-linux-gnu-debug.tar.gz b17bf752615192657f8a1d3c95d905965f1257aff8ff5b552944f534931d5785 guix-build-1f16c8c450cf/output/powerpc64-linux-gnu/bitcoin-1f16c8c450cf-powerpc64-linux-gnu.tar.gz 9d05e31fa7d8669e97ee278628e17e85b6ad52c505909271fd98cc329cd8d470 guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/SHA256SUMS.part 1e116725623d8102f2f7b8d7357888ca533ee7bb66419ab3962f3e5f674f872c guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/bitcoin-1f16c8c450cf-powerpc64le-linux-gnu-debug.tar.gz ae4f25345a00807a8405fccc921ff13045c5b7f76c369305b240f00d6e0c75b9 guix-build-1f16c8c450cf/output/powerpc64le-linux-gnu/bitcoin-1f16c8c450cf-powerpc64le-linux-gnu.tar.gz 19d00f1438324047dfbd51ece15b0fb14e3dbdb0aee2d2ab5dc8a8d3e2804ddb guix-build-1f16c8c450cf/output/riscv64-linux-gnu/SHA256SUMS.part 9bc9adb727ce55009fda3ad46c95f0979c3dfc152582fff6b1b5a4fa0b2ce896 guix-build-1f16c8c450cf/output/riscv64-linux-gnu/bitcoin-1f16c8c450cf-riscv64-linux-gnu-debug.tar.gz a096ed5558b12fd1d6d05d297076b6c0ce8b505944f7df0a42cb35b4219c7e48 guix-build-1f16c8c450cf/output/riscv64-linux-gnu/bitcoin-1f16c8c450cf-riscv64-linux-gnu.tar.gz 7de70ea7421d31c6b386b38390d664b28f34ca871f14f1eb90159eedf1854ea2 guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/SHA256SUMS.part 0c27967dfbe444d0d871343cb77e78659995688bd965def30dacfae65a49ae5b guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx-unsigned.dmg 6e79012ffadccfbe1c2b290a778458b9147377e5b02132af269c7ff756433b16 guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx-unsigned.tar.gz 52a5618adde25dc2e071ee2b31557510c09854e8b09cdac07b2365b87e1392e5 guix-build-1f16c8c450cf/output/x86_64-apple-darwin19/bitcoin-1f16c8c450cf-osx64.tar.gz 6bef6393a8f303019e20071ab58780092023ad53e00c79e4f577db4e192a57d7 guix-build-1f16c8c450cf/output/x86_64-linux-gnu/SHA256SUMS.part eb6dd0d2b357c09e498be0394fb08943560be0bacd9fe226b2f1f611b86aef22 guix-build-1f16c8c450cf/output/x86_64-linux-gnu/bitcoin-1f16c8c450cf-x86_64-linux-gnu-debug.tar.gz 21b4abb30b080ff9439777e1e9a2dd871700a8b0bbe65d0653004a0954b1be4c guix-build-1f16c8c450cf/output/x86_64-linux-gnu/bitcoin-1f16c8c450cf-x86_64-linux-gnu.tar.gz 4e8ed9ecd2fe0860c736262e2b4c61e41909d067efaee2530c52d4d6c608319a guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/SHA256SUMS.part 8e213c1d35de36a77a445fef7cd01ae1147cc5f61a9e6671dafe1a6e669d8167 guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win-unsigned.tar.gz 72b948cca12632d6f6967c7365024147f98628b65abffe9950f724ae49bb24ad guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64-debug.zip d34718f4080a477cac87c71af0c8f18c29b41005ae390f0fb20dc045ec7f9821 guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64-setup-unsigned.exe aff37ea83fd9e591054b12695edb8d2eafb43228020eee424ad3386dfbb6084e guix-build-1f16c8c450cf/output/x86_64-w64-mingw32/bitcoin-1f16c8c450cf-win64.zip -
dongcarl commented at 6:24 PM on October 26, 2021: member
Ooooh this is good info. I'm wondering if the debian mingw-w64 binutils version will still produce binaries with broken ASLR?
-
hebasto commented at 6:27 PM on October 26, 2021: member
I'm wondering if the debian mingw-w64 binutils version will still produce binaries with broken ASLR?
Do you mean
mingw-w648.0 in Debian Bullseye? -
dongcarl commented at 7:07 PM on October 26, 2021: member
Yes, and perhaps stretch since that is supposedly still supported.
-
fanquake commented at 12:02 AM on October 27, 2021: member
NACK. This just reduces security for anyone building with an older binutils.
-
hebasto commented at 4:50 AM on October 27, 2021: member
This just reduces security for anyone building with an older binutils.
A Guix build still available for everyone who concerns about security :tiger2:
NACK.
Closing.
- hebasto closed this on Oct 27, 2021
-
laanwj commented at 5:56 AM on October 27, 2021: member
You could change this PR to instead add a comment that this is solved in newer binutils (if possible, include version number) and the workaround can estensibly go at some point. But yes, probably not now yet.
- hebasto deleted the branch on Oct 27, 2021
-
DrahtBot commented at 11:26 AM on October 27, 2021: member
<!--9cd9c72976c961c55c7acef8f6ba82cd-->
Guix builds
- DrahtBot removed the label DrahtBot Guix build requested on Oct 27, 2021
- DrahtBot locked this on Oct 30, 2022
Labels