bitcoin-util
and checks for RISC-V.
security-check: test for _FORTIFY_SOURCE
usage in release binaries
#27038
pull
fanquake
wants to merge
1
commits into
bitcoin:master
from
fanquake:sec_check_fortify_source
changing
2
files
+33 −8
-
fanquake commented at 5:05 pm on February 3, 2023: memberTest for the existence of fortified functions in the ELF release binaries. Currently skips
-
DrahtBot commented at 5:05 pm on February 3, 2023: contributor
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
Code Coverage
For detailed information about the code coverage, see the test coverage report.
Reviews
See the guideline for information on the review process.
Type Reviewers ACK TheCharlatan Concept ACK hebasto Stale ACK laanwj If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.
Conflicts
No conflicts as of last run.
-
fanquake commented at 3:46 pm on February 13, 2023: member
we don’t end up with any foritfied funcs in bitcoin-util or bitcoin-cli.
bitcoin-cli
is fixed once we fortify libevent. -
fanquake force-pushed on Feb 17, 2023
-
fanquake referenced this in commit e60a58f191 on Feb 28, 2023
-
fanquake force-pushed on Feb 28, 2023
-
sidhujag referenced this in commit 5f087db8ed on Feb 28, 2023
-
fanquake force-pushed on Mar 31, 2023
-
fanquake force-pushed on Jul 27, 2023
-
fanquake force-pushed on Sep 6, 2023
-
fanquake force-pushed on Oct 2, 2023
-
hebasto commented at 12:27 pm on October 25, 2023: memberConcept ACK.
-
hebasto commented at 12:53 pm on October 25, 2023: member
Can’t be done yet because we don’t end up with any fortified funcs in
bitcoin-util
.Does it make sense to provide a list of expected symbols for every binary been tested? It would be an empty one for
bitcoin-util
. -
fanquake commented at 1:05 pm on October 25, 2023: member
Does it make sense to provide a list of expected symbols for every binary been tested?
I don’t think so, and that would likely require constant maintenance (plus guix builds to be run on every code change).
-
DrahtBot added the label CI failed on Oct 29, 2023
-
DrahtBot removed the label CI failed on Nov 3, 2023
-
fanquake force-pushed on Dec 8, 2023
-
DrahtBot added the label CI failed on Jan 13, 2024
-
fanquake force-pushed on Mar 19, 2024
-
DrahtBot removed the label CI failed on Mar 19, 2024
-
laanwj commented at 7:13 am on April 24, 2024: memberConcept ACK
-
in contrib/devtools/security-check.py:129 in 0295a7857f outdated
116@@ -116,6 +117,21 @@ def check_ELF_control_flow(binary) -> bool: 117 return True 118 return False 119 120+def check_ELF_FORTIFY(binary) -> bool: 121+ 122+ chk_funcs = set() 123+ 124+ for sym in binary.symbols: 125+ match = re.search(r'__[a-z]*_chk', sym.name)
laanwj commented at 7:17 am on April 24, 2024:Might want to check.imported
to make sure it’s an imported symbol, just to be sure.
fanquake commented at 1:54 pm on July 24, 2024:Added.laanwj commented at 7:20 am on April 24, 2024: memberi’d be okay with skipping the check forbitcoin-util
: it’s the least relevant binary for fortification (no network access, not even file format access). Could reconsider it later if it actually gains some useful functionality 😄fanquake force-pushed on Jun 26, 2024fanquake force-pushed on Jul 16, 2024DrahtBot added the label CI failed on Jul 16, 2024DrahtBot added the label Needs rebase on Jul 24, 2024fanquake force-pushed on Jul 24, 2024DrahtBot removed the label Needs rebase on Jul 24, 2024DrahtBot removed the label CI failed on Jul 24, 2024fanquake force-pushed on Jul 24, 2024fanquake commented at 1:54 pm on July 24, 2024: memberi’d be okay with skipping the check for bitcoin-util: it’s the least relevant binary for fortification (no network access, not even file format access). Could reconsider it later if it actually gains some useful functionality 😄
I think I agree, and I’ve added that skipping now.
fanquake marked this as ready for review on Jul 24, 2024fanquake added the label DrahtBot Guix build requested on Jul 24, 2024DrahtBot commented at 9:22 pm on July 24, 2024: contributorGuix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]
File commit fa0b5d68823b69f4861b002bbfac2fd36ed46356(master) commit 3733b4b088ff94c6b8c67ff7d88e8eb135abbfb3(master and this pull) SHA256SUMS.part 7a352dc327a3ba7d...
7a15c6f53f1ac3e5...
*-aarch64-linux-gnu-debug.tar.gz 45c633ad2ea1589c...
799c717db1619d70...
*-aarch64-linux-gnu.tar.gz 826f71f0a6e60d38...
3bc81cd9cb716a46...
*-arm-linux-gnueabihf-debug.tar.gz d6b802771da7503e...
b230f6176739fdca...
*-arm-linux-gnueabihf.tar.gz ff69976db6a377a5...
025f23ab5d1bf74b...
*-arm64-apple-darwin-unsigned.tar.gz b9735db910e72417...
*-arm64-apple-darwin-unsigned.zip ca4404ce38f70756...
*-arm64-apple-darwin.tar.gz 59f547bf068c2e07...
*-powerpc64-linux-gnu-debug.tar.gz bbf043c260328961...
*-powerpc64-linux-gnu.tar.gz bf6246fe6a3794b5...
*-riscv64-linux-gnu-debug.tar.gz 29b4261dcb3fd20f...
*-riscv64-linux-gnu.tar.gz 5a82e9c2a8796bda...
*-x86_64-apple-darwin-unsigned.tar.gz bd31c1ca258f4304...
*-x86_64-apple-darwin-unsigned.zip 7615cf7d77471767...
*-x86_64-apple-darwin.tar.gz e29caf84ac0e04f8...
*-x86_64-linux-gnu-debug.tar.gz 99376a2c4834d9de...
9edd4bea8e20eba1...
*-x86_64-linux-gnu.tar.gz 02d68530d0ffcd1b...
2b4f45db7f666b92...
*.tar.gz 512617514e0e78d0...
df1cceb27e1d64e3...
guix_build.log 11c162bef2a2d548...
c6a80a85f93e8ba4...
guix_build.log.diff f96ccf23661471f7...
DrahtBot removed the label DrahtBot Guix build requested on Jul 24, 2024fanquake commented at 9:21 am on July 25, 2024: memberRISCV build failed here:
0Traceback (most recent call last): 1 File "/distsrc-base/distsrc-3733b4b088ff-riscv64-linux-gnu/./contrib/devtools/test-security-check.py", line 73, in test_ELF 2 self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-no-pie','-fno-PIE']), (1, executable + ': failed PIE')) 3AssertionError: Tuples differ: (1, 'test1: failed PIE FORTIFY') != (1, 'test1: failed PIE') 4 5First differing element 1: 6'test1: failed PIE FORTIFY' 7'test1: failed PIE' 8 9- (1, 'test1: failed PIE FORTIFY') 10? -------- 11 12+ (1, 'test1: failed PIE')
DrahtBot added the label CI failed on Jul 29, 2024fanquake force-pushed on Jul 30, 2024fanquake commented at 12:10 pm on July 30, 2024: memberRISCV build failed here:
This might be a bug in LIEF. Opened https://github.com/lief-project/LIEF/issues/1082 upstream. Pushed up a verison with a workaround for RISC-V. Guix Build (aarch64):
071aadd4cdca388e39742911d0a9a8f858cc796d1037ff4ff05f383bf74b6dfc6 guix-build-573db37893d8/output/aarch64-linux-gnu/SHA256SUMS.part 1723ab391cadeda9afd12d832db26c65f2d69e9e41c92b20a2453821e5fe13dc2 guix-build-573db37893d8/output/aarch64-linux-gnu/bitcoin-573db37893d8-aarch64-linux-gnu-debug.tar.gz 2d04eed5f8d5fadca37c57d18dcd908b71fa66425ee2388227b018f8df7d7cf5e guix-build-573db37893d8/output/aarch64-linux-gnu/bitcoin-573db37893d8-aarch64-linux-gnu.tar.gz 3e7757d05fce2b0a36e6f5785f3f7dbc52985fd4baeb111fc6745ad302ebf1afd guix-build-573db37893d8/output/arm-linux-gnueabihf/SHA256SUMS.part 49f614712ae2dfd1dd5a6f15d4dc96349bbf81372245ef7b835cc0366a4f87e16 guix-build-573db37893d8/output/arm-linux-gnueabihf/bitcoin-573db37893d8-arm-linux-gnueabihf-debug.tar.gz 546d7992241831d4a2a233ec1e984f93f95623672956e80b9bcf4a163ae6a9c9a guix-build-573db37893d8/output/arm-linux-gnueabihf/bitcoin-573db37893d8-arm-linux-gnueabihf.tar.gz 64da3fc982733ac3b5b7214408483ae7626e696ce533862d990e4124c59511fcd guix-build-573db37893d8/output/arm64-apple-darwin/SHA256SUMS.part 7e394ea1b46ee992b7e91d397f4b307f4d9e51bf1019b9c184eae8edbd07ddd9f guix-build-573db37893d8/output/arm64-apple-darwin/bitcoin-573db37893d8-arm64-apple-darwin-unsigned.tar.gz 8602e8a4e3f2b9b55a55f9266e496230d0c049f8fbea1cbda074d2fb2cc0a7549 guix-build-573db37893d8/output/arm64-apple-darwin/bitcoin-573db37893d8-arm64-apple-darwin-unsigned.zip 92172545ab072c79b248e887652a0ea8f375f6907f92d0a593c2cdb57ad03462c guix-build-573db37893d8/output/arm64-apple-darwin/bitcoin-573db37893d8-arm64-apple-darwin.tar.gz 10a9639798be0797c05e05fb2a337ef69dcb64572456a6c9d754f309c4f4870745 guix-build-573db37893d8/output/dist-archive/bitcoin-573db37893d8.tar.gz 1160b2c1abfda3981d973ffdc189892110d54d2d161e9dfc690bbbc32dd7d12397 guix-build-573db37893d8/output/powerpc64-linux-gnu/SHA256SUMS.part 12dea8e5ae3401e8901775aa5a1b8bcbbd64967fe3dc2dc62174f8ad3bfc7f5c39 guix-build-573db37893d8/output/powerpc64-linux-gnu/bitcoin-573db37893d8-powerpc64-linux-gnu-debug.tar.gz 138c4e3561759f92e9e03fdf4305da1a42b58f71711a999f33064c39bfeca725a7 guix-build-573db37893d8/output/powerpc64-linux-gnu/bitcoin-573db37893d8-powerpc64-linux-gnu.tar.gz 149c35b41b09a70d843c6753f1e4d5e8d40c80bd17f9348b8e852a2142a07973ee guix-build-573db37893d8/output/riscv64-linux-gnu/SHA256SUMS.part 1577f84e572d8f931572f5d60e2d61c083232b09cf2232a73d05931664ced815c0 guix-build-573db37893d8/output/riscv64-linux-gnu/bitcoin-573db37893d8-riscv64-linux-gnu-debug.tar.gz 16ef965579cbc9647d0c92b8200520e746b602769a0728c61c36621cae6af7a687 guix-build-573db37893d8/output/riscv64-linux-gnu/bitcoin-573db37893d8-riscv64-linux-gnu.tar.gz 17161a95df9654dfee9a94500c5cc03696502a0d7455538cc498c08cbdb99c56b1 guix-build-573db37893d8/output/x86_64-apple-darwin/SHA256SUMS.part 181626b5d6691a6710d171090c4d8036c44c8585a0b3c2899a6ea30c6333d1e923 guix-build-573db37893d8/output/x86_64-apple-darwin/bitcoin-573db37893d8-x86_64-apple-darwin-unsigned.tar.gz 1923bdd9f1da7be43f86ab47b889efe73dc7e32dd1bfd8a44a610a86b2e872d320 guix-build-573db37893d8/output/x86_64-apple-darwin/bitcoin-573db37893d8-x86_64-apple-darwin-unsigned.zip 20f18231be4b667917a8a75ce539dbec3fcf2f3279abe3cbf69104ba90da0154ca guix-build-573db37893d8/output/x86_64-apple-darwin/bitcoin-573db37893d8-x86_64-apple-darwin.tar.gz 21660054c7cc08d9d10fbd15ec4e818ee0193a15ad5a274c464154e8ea4f122348 guix-build-573db37893d8/output/x86_64-linux-gnu/SHA256SUMS.part 22da66029304a66a0534930b7afaa561354d6b147aed3eafe2e5c2a44959b04cf5 guix-build-573db37893d8/output/x86_64-linux-gnu/bitcoin-573db37893d8-x86_64-linux-gnu-debug.tar.gz 230ab1514591fd1b74e2089e67ff0ef9f81fe72dcfe5932eaf3e9b4b9f96d3d96f guix-build-573db37893d8/output/x86_64-linux-gnu/bitcoin-573db37893d8-x86_64-linux-gnu.tar.gz 2430cad6948053c905234e51996f6512b59faaedbe7e7eb186559611a22c186df4 guix-build-573db37893d8/output/x86_64-w64-mingw32/SHA256SUMS.part 254753f415470f2c816b8ae1be04e09705e51ab57129dc22c680525cf5bb26f40e guix-build-573db37893d8/output/x86_64-w64-mingw32/bitcoin-573db37893d8-win64-debug.zip 2680bf9135f34faec17b962d94b61cf62d5a118908d5544194a416823c57afe015 guix-build-573db37893d8/output/x86_64-w64-mingw32/bitcoin-573db37893d8-win64-setup-unsigned.exe 27516d5499655c57cc07cb7df67bbbd4d4d10260bdfa838229e33ba627cf2c3442 guix-build-573db37893d8/output/x86_64-w64-mingw32/bitcoin-573db37893d8-win64-unsigned.tar.gz 28d5f4ced701f65bddd6ac46621d295d8c98a6ff6d73584452fa9d7ddfa14481cb guix-build-573db37893d8/output/x86_64-w64-mingw32/bitcoin-573db37893d8-win64.zip
fanquake added the label DrahtBot Guix build requested on Jul 30, 2024DrahtBot removed the label CI failed on Jul 30, 2024DrahtBot commented at 11:11 pm on July 30, 2024: contributorGuix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]
DrahtBot removed the label DrahtBot Guix build requested on Jul 30, 2024fanquake commented at 8:04 pm on August 21, 2024: memberThis might be a bug in LIEF. Opened https://github.com/lief-project/LIEF/issues/1082 upstream.
I haven’t yet tested, but the bug should now be fixed, as of https://github.com/lief-project/LIEF/commit/ab85865f279cf02648018417ec8afa12bd0bef24.
fanquake force-pushed on Aug 28, 2024fanquake force-pushed on Aug 30, 2024fanquake force-pushed on Sep 6, 2024fanquake commented at 10:12 am on September 6, 2024: memberGuix Build (aarch64):
0f21ba8dde52ecf7fd1e76b5f6efe7d620a7a0baf8099eb6d25d09161a73f2030 guix-build-6c9000cfbfab/output/aarch64-linux-gnu/SHA256SUMS.part 15e89a83e025bfbc37118a1ca0d386b0ffbde22bd3357b06d7e4c3587e10b0ed6 guix-build-6c9000cfbfab/output/aarch64-linux-gnu/bitcoin-6c9000cfbfab-aarch64-linux-gnu-debug.tar.gz 2d0b7acb03204f077bc88d0d9008041c1aa854a6e0fd244210099ae2f2b8b4ca3 guix-build-6c9000cfbfab/output/aarch64-linux-gnu/bitcoin-6c9000cfbfab-aarch64-linux-gnu.tar.gz 3e4619881f66bbefd26cc4e28723c3ebb9b6720f4a3f83ee4733e41246a72eff6 guix-build-6c9000cfbfab/output/arm-linux-gnueabihf/SHA256SUMS.part 40d3fcb044b41e7b9146329f9a9a2113fd55acab2f2129d58c2b56fca2cf08b0d guix-build-6c9000cfbfab/output/arm-linux-gnueabihf/bitcoin-6c9000cfbfab-arm-linux-gnueabihf-debug.tar.gz 50dde42354c7322480a43281655c6a337429522b6cf845f8dcf154eb87cb4077d guix-build-6c9000cfbfab/output/arm-linux-gnueabihf/bitcoin-6c9000cfbfab-arm-linux-gnueabihf.tar.gz 642b54602d398545561dc2fdc9d8ba255333a24a1c3d61e7455e79c1ac89d0388 guix-build-6c9000cfbfab/output/arm64-apple-darwin/SHA256SUMS.part 7862b895a04b29266e8677d12ec3ed86c90d697e565bfe09b60e7fd987579ddb0 guix-build-6c9000cfbfab/output/arm64-apple-darwin/bitcoin-6c9000cfbfab-arm64-apple-darwin-unsigned.tar.gz 8f30b60f67b6415c6598a64aeb64f5653349e9dfdeacb901c4173a73fb725904f guix-build-6c9000cfbfab/output/arm64-apple-darwin/bitcoin-6c9000cfbfab-arm64-apple-darwin-unsigned.zip 98024ed97ffb3d639882b399dca0c8e305627663d25bc7afc0a3b408a2054590f guix-build-6c9000cfbfab/output/arm64-apple-darwin/bitcoin-6c9000cfbfab-arm64-apple-darwin.tar.gz 10f69554b8a178d80980a0235bb1380dfc7bfff51bffc8d5861540623c26f2088d guix-build-6c9000cfbfab/output/dist-archive/bitcoin-6c9000cfbfab.tar.gz 11e3fe7b51ae096171b0c1f5cadc3f81809b704dc443f4cdcbfdf4da314b308367 guix-build-6c9000cfbfab/output/powerpc64-linux-gnu/SHA256SUMS.part 124ed6abfc07cee15820ef0b82cf627d743eda7c1bf949f91a7259adbfcc908972 guix-build-6c9000cfbfab/output/powerpc64-linux-gnu/bitcoin-6c9000cfbfab-powerpc64-linux-gnu-debug.tar.gz 1372c28fe0d63ca94df4629b05530576f432fa170d5dff9117c7e1fe177df1e33e guix-build-6c9000cfbfab/output/powerpc64-linux-gnu/bitcoin-6c9000cfbfab-powerpc64-linux-gnu.tar.gz 1436efec196510892ae01bfbae75d6fd624be97fba9cdfe98a84f4b743c58e7914 guix-build-6c9000cfbfab/output/riscv64-linux-gnu/SHA256SUMS.part 15713afe90c3fbb54d42d16636b4cc66f94956498e043580510cb0cbcbf1cb0b72 guix-build-6c9000cfbfab/output/riscv64-linux-gnu/bitcoin-6c9000cfbfab-riscv64-linux-gnu-debug.tar.gz 169dc73a4f7fabf55853cb55bcdb7dc64b4670345d2c00d40aea827c62e8dcb8f6 guix-build-6c9000cfbfab/output/riscv64-linux-gnu/bitcoin-6c9000cfbfab-riscv64-linux-gnu.tar.gz 175d059bb7188b104b530c6a21108f94942d6f7acaabf469f1205e3a815721449e guix-build-6c9000cfbfab/output/x86_64-apple-darwin/SHA256SUMS.part 18e7a2b21f3f0737cc5a04a0e4cb7b64afc254347758be97f6312700e85932de2a guix-build-6c9000cfbfab/output/x86_64-apple-darwin/bitcoin-6c9000cfbfab-x86_64-apple-darwin-unsigned.tar.gz 19a45a52a60dd218cae67faaca037d4004da8b1ba299b04e80780d5a416ed6596a guix-build-6c9000cfbfab/output/x86_64-apple-darwin/bitcoin-6c9000cfbfab-x86_64-apple-darwin-unsigned.zip 20460ea30d33f604ed044b9ee66dfbecbc0fb7049a18a899d365420d8c3bc31d35 guix-build-6c9000cfbfab/output/x86_64-apple-darwin/bitcoin-6c9000cfbfab-x86_64-apple-darwin.tar.gz 216dca6e13803d9ea07c20e9e865b48aae4e5e5e7ac0e0dd6f5699990769e165f3 guix-build-6c9000cfbfab/output/x86_64-linux-gnu/SHA256SUMS.part 22e4be9ef51c5fecfbf6bdf31508dc8f6aaaf31d46d49101da2b3a2e86c30513d8 guix-build-6c9000cfbfab/output/x86_64-linux-gnu/bitcoin-6c9000cfbfab-x86_64-linux-gnu-debug.tar.gz 23686499d3990e762945279536aa9c84e6c79fc8e85d1e4ecedbb0ce9c70c3154c guix-build-6c9000cfbfab/output/x86_64-linux-gnu/bitcoin-6c9000cfbfab-x86_64-linux-gnu.tar.gz 24efe2376411ac6979dfe6e542b4bd1d5e950f069ba057755cf3a1cfac9aa3b619 guix-build-6c9000cfbfab/output/x86_64-w64-mingw32/SHA256SUMS.part 25b3fcd800835eea1430e19f7cab82006c96f15b86985d9582d81e62de3fe6c195 guix-build-6c9000cfbfab/output/x86_64-w64-mingw32/bitcoin-6c9000cfbfab-win64-debug.zip 262b8e9e6cc2a0f2215d21599db5b03d2c9f7a158f3182908682b23df4b643976f guix-build-6c9000cfbfab/output/x86_64-w64-mingw32/bitcoin-6c9000cfbfab-win64-setup-unsigned.exe 273e476530d1321acb2561027ce8ea05fc9a98430c6afc6a50ccd60ace72445f5b guix-build-6c9000cfbfab/output/x86_64-w64-mingw32/bitcoin-6c9000cfbfab-win64-unsigned.tar.gz 28bb55ef5ebc3e768899c71033dae45fbb45e26c415209047f460d5d6f3e98529c guix-build-6c9000cfbfab/output/x86_64-w64-mingw32/bitcoin-6c9000cfbfab-win64.zip
laanwj commented at 9:34 am on September 8, 2024: memberACK 6c9000cfbfab1cd3b48efebd8e0e90ae597cf561
Building on x86_64 gets different guix output for MacOS. But this is unrelated to this PR.
0-129b365bba906f50926218d5b8bb76921f5f637549fe44941e01eb8ba5d5d5f0 guix-build-6c9000cfbfab/output/arm64-apple-darwin/bitcoin-6c9000cfbfab-arm64-apple-darwin-unsigned.zip 1+f30b60f67b6415c6598a64aeb64f5653349e9dfdeacb901c4173a73fb725904f guix-build-6c9000cfbfab/output/arm64-apple-darwin/bitcoin-6c9000cfbfab-arm64-apple-darwin-unsigned.zip 2-f836231d54d171cd98589519166200ed6a65741ff249e6e2144e94cf0e964ce5 guix-build-6c9000cfbfab/output/x86_64-apple-darwin/bitcoin-6c9000cfbfab-x86_64-apple-darwin-unsigned.zip 3+a45a52a60dd218cae67faaca037d4004da8b1ba299b04e80780d5a416ed6596a guix-build-6c9000cfbfab/output/x86_64-apple-darwin/bitcoin-6c9000cfbfab-x86_64-apple-darwin-unsigned.zip
DrahtBot requested review from hebasto on Sep 8, 2024contrib: test for FORTIFY_SOURCE in security-check.py be4f78275ffanquake force-pushed on Sep 9, 2024fanquake added the label DrahtBot Guix build requested on Sep 9, 2024fanquake commented at 2:01 pm on September 9, 2024: memberGuix build (x86_64) note that macOS builds (probably) wont match:
0b3bcd9f7508b35b3f4a187e9f1e4c87648bf3897575c0c4db8664f1fe08c2cf4 guix-build-be4f78275fa6/output/aarch64-linux-gnu/SHA256SUMS.part 1356c7b9493887fc839e6b7951a3396085bfea33efce91070f972a69f60aac1f4 guix-build-be4f78275fa6/output/aarch64-linux-gnu/bitcoin-be4f78275fa6-aarch64-linux-gnu-debug.tar.gz 2e2887613ca5d1f929294487f86bd36ab6af0739d12625c6c661a35781c4f1523 guix-build-be4f78275fa6/output/aarch64-linux-gnu/bitcoin-be4f78275fa6-aarch64-linux-gnu.tar.gz 392514b0968dbc869cc40fa618576d92aeedebcc7b93b08355ce7e0ced96e8992 guix-build-be4f78275fa6/output/arm-linux-gnueabihf/SHA256SUMS.part 41e692efe2151693cd353ad584678718431aed1f3b26550b7708774c32f8f11b8 guix-build-be4f78275fa6/output/arm-linux-gnueabihf/bitcoin-be4f78275fa6-arm-linux-gnueabihf-debug.tar.gz 53182761dacaac998d2f4bf3c40d8f459ab6c61ea3912895e4fb4f5ef78814b0c guix-build-be4f78275fa6/output/arm-linux-gnueabihf/bitcoin-be4f78275fa6-arm-linux-gnueabihf.tar.gz 6fb15e70c205133aaaf71211260a94914bb2721adc249a14cc39d2be211265dae guix-build-be4f78275fa6/output/arm64-apple-darwin/SHA256SUMS.part 722999d45e4c5e22b1279a4362abda833d51bed2f5c1d478ad8f9f73b8878def5 guix-build-be4f78275fa6/output/arm64-apple-darwin/bitcoin-be4f78275fa6-arm64-apple-darwin-unsigned.tar.gz 88e295048be58a10b7a5c239baa84a7b04b84d523f5149884127b1a403636fba8 guix-build-be4f78275fa6/output/arm64-apple-darwin/bitcoin-be4f78275fa6-arm64-apple-darwin-unsigned.zip 91dd8fb0de68f9598f245d2565d634fbae232ce2507019de83724f72c3835f8b8 guix-build-be4f78275fa6/output/arm64-apple-darwin/bitcoin-be4f78275fa6-arm64-apple-darwin.tar.gz 107e48a49b04818bab314d872cffd11aa41650b01717bc01edc461e50d5afcb428 guix-build-be4f78275fa6/output/dist-archive/bitcoin-be4f78275fa6.tar.gz 1165fae266d1a0bee5654bde79d02d9df9d0e0a35b517da1d8f227edb889171b8b guix-build-be4f78275fa6/output/powerpc64-linux-gnu/SHA256SUMS.part 1296ab98442b875cec7aa7ef927ae1ffb3ea047c1827f82e97ce3e2b5d942c8998 guix-build-be4f78275fa6/output/powerpc64-linux-gnu/bitcoin-be4f78275fa6-powerpc64-linux-gnu-debug.tar.gz 13fdb0639b6efe2baee6266c516f482ed36ed71965ba21a3706d0a61444792a700 guix-build-be4f78275fa6/output/powerpc64-linux-gnu/bitcoin-be4f78275fa6-powerpc64-linux-gnu.tar.gz 142ea0fa8ee3e33350a43cb153223ab9d11cb6520f300c08010784df2cdfd9e9b2 guix-build-be4f78275fa6/output/riscv64-linux-gnu/SHA256SUMS.part 1562c8961a668bee937eb9afa3ddf532a43f81402d55db4c9b16aeb3025e1f1a6a guix-build-be4f78275fa6/output/riscv64-linux-gnu/bitcoin-be4f78275fa6-riscv64-linux-gnu-debug.tar.gz 160fa073206c1b5723242317ff4564d1c78e2f2184464552c896fcd90a6fcc98fa guix-build-be4f78275fa6/output/riscv64-linux-gnu/bitcoin-be4f78275fa6-riscv64-linux-gnu.tar.gz 17e9ed6817139513fae596446e003c5c6e1b96cb9497cb9b68e2423d62580b5137 guix-build-be4f78275fa6/output/x86_64-apple-darwin/SHA256SUMS.part 18ae08548740f12a8c0053570aa9048c8de3db0c195f2360e39048556efe1f1027 guix-build-be4f78275fa6/output/x86_64-apple-darwin/bitcoin-be4f78275fa6-x86_64-apple-darwin-unsigned.tar.gz 1996228a3d7ef976f8dccbe58c462065c260191ec093fa56919a8a96bae4631fdf guix-build-be4f78275fa6/output/x86_64-apple-darwin/bitcoin-be4f78275fa6-x86_64-apple-darwin-unsigned.zip 203cd89ca037f9ffc8a42c9e83ddccc5fc49f7c365fcbed4c5ae50b6a243f8fffd guix-build-be4f78275fa6/output/x86_64-apple-darwin/bitcoin-be4f78275fa6-x86_64-apple-darwin.tar.gz 213ddcd9d6d618b2a1769baccaf5a4d6f44cf7ac4f6554c27be2aaa50dfc5efeca guix-build-be4f78275fa6/output/x86_64-linux-gnu/SHA256SUMS.part 2249f09f86a8b485ce0b55bb56a7f214021ea56a23e942e98a4994a01559761615 guix-build-be4f78275fa6/output/x86_64-linux-gnu/bitcoin-be4f78275fa6-x86_64-linux-gnu-debug.tar.gz 23fe0e969bdfeb3743074b51d2eee31da938110ec00f10b3e1d3fa8548d4400645 guix-build-be4f78275fa6/output/x86_64-linux-gnu/bitcoin-be4f78275fa6-x86_64-linux-gnu.tar.gz 24b6e26a5527d84fc65077c34b61b3d813e5aa3b76383eb13aab84b2282b1b27dc guix-build-be4f78275fa6/output/x86_64-w64-mingw32/SHA256SUMS.part 25fd2352c71357a7e239da30154ca056df1f2d31594e353f44d74841d786879840 guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64-debug.zip 26521e156965a8bee4399ba861edf6aba75579d00b077d1b4db34b7c01d565b6d4 guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64-setup-unsigned.exe 274b6ebd88fd17aac230099ceee6f40c49e5bf841e964a53f52024d04b6e447dfe guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64-unsigned.tar.gz 289830bcba326f52fb0cc529826243b2f878a975e9ae70db09bf2358c6602b39dc guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64.zip
TheCharlatan commented at 2:07 pm on September 9, 2024: contributorGuix builds (aarch64):
0b3bcd9f7508b35b3f4a187e9f1e4c87648bf3897575c0c4db8664f1fe08c2cf4 guix-build-be4f78275fa6/output/aarch64-linux-gnu/SHA256SUMS.part 1356c7b9493887fc839e6b7951a3396085bfea33efce91070f972a69f60aac1f4 guix-build-be4f78275fa6/output/aarch64-linux-gnu/bitcoin-be4f78275fa6-aarch64-linux-gnu-debug.tar.gz 2e2887613ca5d1f929294487f86bd36ab6af0739d12625c6c661a35781c4f1523 guix-build-be4f78275fa6/output/aarch64-linux-gnu/bitcoin-be4f78275fa6-aarch64-linux-gnu.tar.gz 392514b0968dbc869cc40fa618576d92aeedebcc7b93b08355ce7e0ced96e8992 guix-build-be4f78275fa6/output/arm-linux-gnueabihf/SHA256SUMS.part 41e692efe2151693cd353ad584678718431aed1f3b26550b7708774c32f8f11b8 guix-build-be4f78275fa6/output/arm-linux-gnueabihf/bitcoin-be4f78275fa6-arm-linux-gnueabihf-debug.tar.gz 53182761dacaac998d2f4bf3c40d8f459ab6c61ea3912895e4fb4f5ef78814b0c guix-build-be4f78275fa6/output/arm-linux-gnueabihf/bitcoin-be4f78275fa6-arm-linux-gnueabihf.tar.gz 6498954cd93a28fa8cf710f0aaa096d91b4e920612188b7f3b2e61af28a9d7d6e guix-build-be4f78275fa6/output/arm64-apple-darwin/SHA256SUMS.part 722999d45e4c5e22b1279a4362abda833d51bed2f5c1d478ad8f9f73b8878def5 guix-build-be4f78275fa6/output/arm64-apple-darwin/bitcoin-be4f78275fa6-arm64-apple-darwin-unsigned.tar.gz 8286febd16cd27c9f5f71ea9b8f0e7dd1ee2bfb2dfa6f59cb43a229d02a460e25 guix-build-be4f78275fa6/output/arm64-apple-darwin/bitcoin-be4f78275fa6-arm64-apple-darwin-unsigned.zip 91dd8fb0de68f9598f245d2565d634fbae232ce2507019de83724f72c3835f8b8 guix-build-be4f78275fa6/output/arm64-apple-darwin/bitcoin-be4f78275fa6-arm64-apple-darwin.tar.gz 107e48a49b04818bab314d872cffd11aa41650b01717bc01edc461e50d5afcb428 guix-build-be4f78275fa6/output/dist-archive/bitcoin-be4f78275fa6.tar.gz 1165fae266d1a0bee5654bde79d02d9df9d0e0a35b517da1d8f227edb889171b8b guix-build-be4f78275fa6/output/powerpc64-linux-gnu/SHA256SUMS.part 1296ab98442b875cec7aa7ef927ae1ffb3ea047c1827f82e97ce3e2b5d942c8998 guix-build-be4f78275fa6/output/powerpc64-linux-gnu/bitcoin-be4f78275fa6-powerpc64-linux-gnu-debug.tar.gz 13fdb0639b6efe2baee6266c516f482ed36ed71965ba21a3706d0a61444792a700 guix-build-be4f78275fa6/output/powerpc64-linux-gnu/bitcoin-be4f78275fa6-powerpc64-linux-gnu.tar.gz 142ea0fa8ee3e33350a43cb153223ab9d11cb6520f300c08010784df2cdfd9e9b2 guix-build-be4f78275fa6/output/riscv64-linux-gnu/SHA256SUMS.part 1562c8961a668bee937eb9afa3ddf532a43f81402d55db4c9b16aeb3025e1f1a6a guix-build-be4f78275fa6/output/riscv64-linux-gnu/bitcoin-be4f78275fa6-riscv64-linux-gnu-debug.tar.gz 160fa073206c1b5723242317ff4564d1c78e2f2184464552c896fcd90a6fcc98fa guix-build-be4f78275fa6/output/riscv64-linux-gnu/bitcoin-be4f78275fa6-riscv64-linux-gnu.tar.gz 17674b1df15a79d891c17936fd2de46209e25ab1cf70136416dfc0936b560012c5 guix-build-be4f78275fa6/output/x86_64-apple-darwin/SHA256SUMS.part 18ae08548740f12a8c0053570aa9048c8de3db0c195f2360e39048556efe1f1027 guix-build-be4f78275fa6/output/x86_64-apple-darwin/bitcoin-be4f78275fa6-x86_64-apple-darwin-unsigned.tar.gz 1924e42f85fae635448de1a538fb6be5cd7372260c049362d7b4f89e5876f94da3 guix-build-be4f78275fa6/output/x86_64-apple-darwin/bitcoin-be4f78275fa6-x86_64-apple-darwin-unsigned.zip 203cd89ca037f9ffc8a42c9e83ddccc5fc49f7c365fcbed4c5ae50b6a243f8fffd guix-build-be4f78275fa6/output/x86_64-apple-darwin/bitcoin-be4f78275fa6-x86_64-apple-darwin.tar.gz 213ddcd9d6d618b2a1769baccaf5a4d6f44cf7ac4f6554c27be2aaa50dfc5efeca guix-build-be4f78275fa6/output/x86_64-linux-gnu/SHA256SUMS.part 2249f09f86a8b485ce0b55bb56a7f214021ea56a23e942e98a4994a01559761615 guix-build-be4f78275fa6/output/x86_64-linux-gnu/bitcoin-be4f78275fa6-x86_64-linux-gnu-debug.tar.gz 23fe0e969bdfeb3743074b51d2eee31da938110ec00f10b3e1d3fa8548d4400645 guix-build-be4f78275fa6/output/x86_64-linux-gnu/bitcoin-be4f78275fa6-x86_64-linux-gnu.tar.gz 24b6e26a5527d84fc65077c34b61b3d813e5aa3b76383eb13aab84b2282b1b27dc guix-build-be4f78275fa6/output/x86_64-w64-mingw32/SHA256SUMS.part 25fd2352c71357a7e239da30154ca056df1f2d31594e353f44d74841d786879840 guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64-debug.zip 26521e156965a8bee4399ba861edf6aba75579d00b077d1b4db34b7c01d565b6d4 guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64-setup-unsigned.exe 274b6ebd88fd17aac230099ceee6f40c49e5bf841e964a53f52024d04b6e447dfe guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64-unsigned.tar.gz 289830bcba326f52fb0cc529826243b2f878a975e9ae70db09bf2358c6602b39dc guix-build-be4f78275fa6/output/x86_64-w64-mingw32/bitcoin-be4f78275fa6-win64.zip
in contrib/devtools/security-check.py:135 in be4f78275f
130+ if match: 131+ chk_funcs.add(match.group(0)) 132+ 133+ # ignore stack-protector and bdb 134+ chk_funcs.discard('__stack_chk') 135+ chk_funcs.discard('__db_chk')
TheCharlatan commented at 2:22 pm on September 9, 2024:Bit unfortunate that this list has to be maintained, but I can’t think of a better way either.
fanquake commented at 8:55 am on September 10, 2024:Yea, it’s a bit annoying. At least post-BDB, it’ll just be “ignore the stack protector”.TheCharlatan approvedTheCharlatan commented at 2:23 pm on September 9, 2024: contributorACK be4f78275fa6608b11377dd5a29a809597d3fe8dDrahtBot requested review from laanwj on Sep 9, 2024DrahtBot added the label CI failed on Sep 9, 2024DrahtBot commented at 11:32 pm on September 9, 2024: contributorGuix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]
DrahtBot removed the label DrahtBot Guix build requested on Sep 9, 2024hebasto commented at 8:50 am on September 10, 2024: memberShouldn’t we check for the absence of unfortified versions of functions, rather than checking for the presence of fortified ones?fanquake commented at 8:54 am on September 10, 2024: memberShouldn’t we check for the absence of unfortified versions of functions, rather than checking for the presence of fortified ones?
Can you explain how that test would work? Not all functions are guaranteed to be fortified.
hebasto commented at 9:00 am on September 10, 2024: memberShouldn’t we check for the absence of unfortified versions of functions, rather than checking for the presence of fortified ones?
Can you explain how that test would work? Not all functions are guaranteed to be fortified.
- Get the list of fortified functions from all binaries.
- Create a list of the corresponding unfortified functions based on the list from step 1.
- Check for the absence of symbols from the list in step 2.
fanquake commented at 9:05 am on September 10, 2024: memberGet the list of fortified functions from all binaries.
This assumes that fortification is already working correctly, otherwise you’ll miss any (relevant) function that hasn’t been fortified at least one time.
Again, it’s not a bug to have unfortified functions. So I’m not sure what you are trying to acheive by turning that into a check failure. Can you explain further.
hebasto commented at 9:14 am on September 10, 2024: memberAgain, it’s not a bug to have unfortified functions.
Then how it can be classified?
So I’m not sure what you are trying to acheive by turning that into a check failure.
Fortified functions can be statically linked into executables from a toolchain that was built with fortification enabled, while the rest of the code remains unfortified. In that case, the current PR branch will report a false positive result, won’t it?
fanquake commented at 9:18 am on September 10, 2024: memberThen how it can be classified?
As expected behaviour, given that whether fortification occurs is dependant on various (compiler & libc) heuristics.
Fortified functions can be statically linked into executables from a toolchain that was built with fortification enabled, while the rest of the code remains unfortified. In that case, the current PR branch will report a false positive result, won’t it?
I don’t really understand what you mean. Can you give a specific example of a false positive/issue, in the context of our Guix environment/build.
hebasto commented at 9:43 am on September 10, 2024: memberCan you give a specific example of a false positive/issue, in the context of our Guix environment/build.
Sure. This branch clearly demonstrates false positive results for
bitcoind
andbitcoin-qt
:0b07d7f1b7e5f5eaf8649685e7f8e031e4ac078f87dbd27e0d732c2a578ef3c4c guix-build-423fc912bca9/output/dist-archive/bitcoin-423fc912bca9.tar.gz 1e7cce3c0bdf87e4583067fdf39aea50fb4c12fb0d52cbb78e3c7c0c967a9b215 guix-build-423fc912bca9/output/x86_64-linux-gnu/SHA256SUMS.part 2b14a23e900a0ed33a4cc6ca274070e793bb0c649155f2ecac236f3c58438c06c guix-build-423fc912bca9/output/x86_64-linux-gnu/bitcoin-423fc912bca9-x86_64-linux-gnu-debug.tar.gz 3a4e71897a197c0c27fa303cd701278ae2c2354e13db78bb7f74fa9ee191ab01a guix-build-423fc912bca9/output/x86_64-linux-gnu/bitcoin-423fc912bca9-x86_64-linux-gnu.tar.gz
fanquake commented at 9:58 am on September 10, 2024: memberSure. This branch clearly demonstrates false positive results for bitcoind and bitcoin-qt:
Thanks. I built this branch and inspected
bitcoind
, and it contains calls to fortified functions. i.e:0objdump -D /root/bitcoin/guix-build-423fc912bca9/output/x86_64-linux-gnu/bitcoin-423fc912bca9/bin/bitcoind 1<snip> 2 6f9afe: e8 cd dd 95 ff call 578d0 <__vsnprintf_chk@plt> 3 6fd0a1: e8 ba b1 95 ff call 58260 <__fprintf_chk@plt> 4 6fe135: e8 66 a0 95 ff call 581a0 <__fdelt_chk@plt> 5 6fe161: e8 3a a0 95 ff call 581a0 <__fdelt_chk@plt> 6 6fe1ec: e8 af 9f 95 ff call 581a0 <__fdelt_chk@plt> 7 6fe228: e8 73 9f 95 ff call 581a0 <__fdelt_chk@plt> 8 6fe410: e8 8b 9d 95 ff call 581a0 <__fdelt_chk@plt> 9 6fe461: e8 3a 9d 95 ff call 581a0 <__fdelt_chk@plt> 10 6fe47f: e8 1c 9d 95 ff call 581a0 <__fdelt_chk@plt> 11 6ff600: e8 1b 86 95 ff call 57c20 <__stack_chk_fail@plt> 12 6ff85c: e8 6f 8a 95 ff call 582d0 <__memcpy_chk@plt> 13 6ff951: e8 ca 82 95 ff call 57c20 <__stack_chk_fail@plt> 14<much more output>
So how is this a false positive?
fanquake commented at 10:04 am on September 10, 2024: memberThis commit deletes the source fortification logic from the build system altogether. Nevertheless, the check passes.
Yes, the check as implemented, which checks for (any) usage of fortified function calls in the binary, passes, because the binary contains calls to fortified functions.
fanquake merged this on Sep 12, 2024fanquake closed this on Sep 12, 2024
fanquake deleted the branch on Sep 12, 2024
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-27 06:12 UTC
More mirrored repositories can be found on mirror.b10c.me