build: fix ASLR for bitcoin-cli on Windows #18702
Merged
ASLR is not currently working for the bitcoin-cli.exe binary. This is due to it not having a .reloc section, which is stripped by default by the mingw-w64 ld we use for gitian builds. A good summary of issues with ld and mingw-w64 is available in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently have working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

This change is a temporary workaround, also the same one described here: https://www.kb.cert.org/vuls/id/307144/, that causes main() to be exported. Exporting a symbol will mean that the .reloc section is not stripped, and ASLR will function correctly.
Gitian builds
Thanks for the clear description of the issue in the OP and comment. ACK 315a4d3 (restarted failed travis run)
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Apr 23, 2020

315a4d3 build: fix ASLR for bitcoin-cli on Windows (fanquake)

Pull request description:

ASLR is not currently working for the `bitcoin-cli.exe` binary. This is due to it not having a .reloc section, which is stripped by default by the mingw-w64 ld we use for gitian builds. A good summary of issues with ld and mingw-w64 is available in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently have working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

This change is a temporary workaround, also the same one described here: https://www.kb.cert.org/vuls/id/307144/, that causes main() to be exported. Exporting a symbol will mean that the .reloc section is not stripped, and ASLR will function correctly.

Ultimately, this will be fixed by using a newer version of binutils (that has this [change](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=dc9bd8c92af67947db44b3cb428c050259b15cd0)), whether that's through bumping our gitian distro, or Guix.

Related to bitcoin#18629, which has a bunch of additional information in the PR description. If you would like to verify whether or not ASLR is indeed working, with or without this change, one easy way to check is using a tool like [VMMap](https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap).

Here are the memory mappings for the 0.20.0rc1 `bitcoind.exe` and `bitcoin-cli.exe` binaries. You'll notice that over machine restarts, even though the image is marked `(ASLR)` (which I assume may be due to the header bit being set), no ASLR is actually occurring for `bitcoin-cli.exe`:

#### bitcoind.exe

#### bitcoin-cli.exe

ACKs for top commit:
dongcarl: ACK 315a4d3
laanwj: ACK 315a4d3

Tree-SHA512: 95f4dc15420ed9bcdeacb763e11c3c7e563eec594a172746fa0346c13f97db3a8769357dffc89fea1e57ae67133f337b1013a73b584662f5b6c4d251ca20a2b1
fanquake added a commit to fanquake/bitcoin that referenced this pull request Apr 23, 2020

ASLR is not currently working for the bitcoin-cli.exe binary. This is due to it not having a .reloc section, which is stripped by default by the mingw-w64 ld we use for gitian builds. A good summary of issues with ld and mingw-w64 is available in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently have working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

This change is a temporary workaround, also the same one described here: https://www.kb.cert.org/vuls/id/307144/, that causes main() to be exported. Exporting a symbol will mean that the .reloc section is not stripped, and ASLR will function correctly.

Github-Pull: bitcoin#18702
Rebased-From: 315a4d3
Merged
laanwj added a commit that referenced this pull request May 11, 2020

7f7548d rpc: Do not advertise dumptxoutset as a way to flush the chainstate (MarcoFalke)
a9ca65b Fix naming of macOS SDK and clarify version (Andrew Chow)
54d2063 Do not expose and consider -logthreadnames when it does not work (Hennadii Stepanov)
6986b26 build: fix ASLR for bitcoin-cli on Windows (fanquake)
1d1e358 build: Set libevent minimum version to 2.0.21 (Hennadii Stepanov)
842b13a Avoid non-trivial global constants in SHA-NI code (Pieter Wuille)
ade4185 gitian: Add missing automake package to gitian-win-signer.yml (Andrew Chow)

Pull request description:

Currently backports the following to the 0.20 branch:
* #18598 - gitian: Add missing automake package to gitian-win-signer.yml
* #18702 - build: fix ASLR for bitcoin-cli on Windows
* #18676 - build: Check libevent minimum version in configure script
* #18665 - Do not expose and consider -logthreadnames when it does not work
* #18553 - Avoid non-trivial global constants in SHA-NI code
* #18589 - Fix naming of macOS SDK and clarify version

ACKs for top commit:
laanwj: ACK 7f7548d

Tree-SHA512: 2cba748414a440e3fb901940085a7ae059e8b926c9187fbbbdeb7846a32e7374f318cc21e499c911ff803c42aef2c844b04af10b87f9c5a2b3edf6deb03ebb04
fanquake added a commit to fanquake/bitcoin that referenced this pull request Jan 15, 2021

The binutils we use for gitian builds strips the reloc section from Windows binaries, which breaks ASLR. As a temporary workaround, export main(). This is the same workaround as bitcoin#18702 (bitcoin-cli), and will fix the currently failing security check:

```bash
+ make -j1 -C src check-security
make: Entering directory '/home/ubuntu/build/bitcoin/distsrc-x86_64-w64-mingw32/src'
Checking binary security...
bitcoin-util.exe: failed RELOC_SECTION
make: *** [check-security] Error 1
```

Relevant upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
laanwj added a commit that referenced this pull request Jan 17, 2021

c061800 build: fix RELOC_SECTION security check for bitcoin-util (fanquake)

Pull request description:

The binutils we use for gitian builds strips the reloc section from Windows binaries, which breaks ASLR. As a temporary workaround, export main(). This is the same workaround as #18702 (bitcoin-cli), and will fix the currently failing security check:

```bash
+ make -j1 -C src check-security
make: Entering directory '/home/ubuntu/build/bitcoin/distsrc-x86_64-w64-mingw32/src'
Checking binary security...
bitcoin-util.exe: failed RELOC_SECTION
make: *** [check-security] Error 1
```

Relevant upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=19011

ACKs for top commit:
dongcarl: ACK c061800
laanwj: ACK c061800

Tree-SHA512: a1a4da0b2cddfc377190b9044a04f42a859ca79f11ce2c2ab4c3d066a2786c34d5446d75f8eec634f308d2d3349ebbd7c9f76dcaebeeb28e471c829851592367
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jan 17, 2021

…oin-util

c061800 build: fix RELOC_SECTION security check for bitcoin-util (fanquake)

Pull request description:

The binutils we use for gitian builds strips the reloc section from Windows binaries, which breaks ASLR. As a temporary workaround, export main(). This is the same workaround as bitcoin#18702 (bitcoin-cli), and will fix the currently failing security check:

```bash
+ make -j1 -C src check-security
make: Entering directory '/home/ubuntu/build/bitcoin/distsrc-x86_64-w64-mingw32/src'
Checking binary security...
bitcoin-util.exe: failed RELOC_SECTION
make: *** [check-security] Error 1
```

Relevant upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=19011

ACKs for top commit:
dongcarl: ACK c061800
laanwj: ACK c061800

Tree-SHA512: a1a4da0b2cddfc377190b9044a04f42a859ca79f11ce2c2ab4c3d066a2786c34d5446d75f8eec634f308d2d3349ebbd7c9f76dcaebeeb28e471c829851592367
remyers pushed a commit to remyers/bitcoin that referenced this pull request Jan 26, 2021

The binutils we use for gitian builds strips the reloc section from Windows binaries, which breaks ASLR. As a temporary workaround, export main(). This is the same workaround as bitcoin#18702 (bitcoin-cli), and will fix the currently failing security check:

```bash
+ make -j1 -C src check-security
make: Entering directory '/home/ubuntu/build/bitcoin/distsrc-x86_64-w64-mingw32/src'
Checking binary security...
bitcoin-util.exe: failed RELOC_SECTION
make: *** [check-security] Error 1
```

Relevant upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
backpacker69 referenced this pull request in peercoin/peercoin Mar 28, 2021

ASLR is not currently working for the bitcoin-cli.exe binary. This is due to it not having a .reloc section, which is stripped by default by the mingw-w64 ld we use for gitian builds. A good summary of issues with ld and mingw-w64 is available in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently have working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

This change is a temporary workaround, also the same one described here: https://www.kb.cert.org/vuls/id/307144/, that causes main() to be exported. Exporting a symbol will mean that the .reloc section is not stripped, and ASLR will function correctly.

Github-Pull: #18702
Rebased-From: 315a4d3
ASLR is not currently working for the bitcoin-cli.exe binary. This is due to it not having a .reloc section, which is stripped by default by the mingw-w64 ld we use for gitian builds. A good summary of issues with ld and mingw-w64 is available in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently have working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

This change is a temporary workaround, also the same one described here: https://www.kb.cert.org/vuls/id/307144/, that causes main() to be exported. Exporting a symbol will mean that the .reloc section is not stripped, and ASLR will function correctly.

Ultimately, this will be fixed by using a newer version of binutils (that has this change), whether that's through bumping our gitian distro, or Guix.

Related to #18629, which has a bunch of additional information in the PR description. If you would like to verify whether or not ASLR is indeed working, with or without this change, one easy way to check is using a tool like VMMap.

Here are the memory mappings for the 0.20.0rc1 bitcoind.exe and bitcoin-cli.exe binaries. You'll notice that over machine restarts, even though the image is marked (ASLR) (which I assume may be due to the header bit being set), no ASLR is actually occurring for bitcoin-cli.exe:

bitcoind.exe

bitcoin-cli.exe
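
The gap the description points at, an image whose ASLR header bit is set while its relocation data is missing, can be checked statically from the PE headers. The sketch below is an added example, not code from this pull request or the project's own security check; the names `aslr_report` and `build_sample` and both header-only sample images are constructed here for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (optional header)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED (COFF header)

def aslr_report(pe: bytes) -> dict:
    """Compare the ASLR opt-in bit with the relocation data the loader needs."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (coff,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[coff:coff + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size, file_flags = struct.unpack_from("<H12xHH", pe, coff + 6)
    opt = coff + 24                                         # optional header start
    (magic,) = struct.unpack_from("<H", pe, opt)
    (dll_flags,) = struct.unpack_from("<H", pe, opt + 70)
    # Data directory 5 is the base relocation table; PE32 and PE32+ differ in offset.
    entry = (96 if magic == 0x10B else 112) + 5 * 8
    reloc_size = struct.unpack_from("<II", pe, opt + entry)[1] if entry + 8 <= opt_size else 0
    names = [pe[s:s + 8].rstrip(b"\0").decode("ascii", "replace")
             for s in range(opt + opt_size, opt + opt_size + 40 * nsect, 40)]
    report = {
        "dynamic_base": bool(dll_flags & DYNAMIC_BASE),
        "relocs_stripped": bool(file_flags & RELOCS_STRIPPED),
        "reloc_section": ".reloc" in names,
        "reloc_dir_size": reloc_size,
    }
    report["aslr_effective"] = (report["dynamic_base"] and report["reloc_section"]
                                and reloc_size > 0 and not report["relocs_stripped"])
    return report

def build_sample(names, dll_flags, reloc_size, file_flags):
    """Constructed PE32+ headers only (no section data), for demonstration."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                   # Magic: PE32+
    struct.pack_into("<H", opt, 70, dll_flags)              # DllCharacteristics
    struct.pack_into("<II", opt, 112 + 5 * 8, 0x3000 if reloc_size else 0, reloc_size)
    coff = struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, len(opt), file_flags)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    sections = b"".join(n.encode().ljust(40, b"\0") for n in names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections

# Both constructed samples set DYNAMIC_BASE; only the second keeps relocations.
STRIPPED = build_sample([".text", ".data", ".rdata"], 0x0160, 0, 0x0023)
WITH_RELOC = build_sample([".text", ".data", ".rdata", ".reloc"], 0x0160, 0x200, 0x0022)

if __name__ == "__main__":
    print(aslr_report(STRIPPED), aslr_report(WITH_RELOC), sep="\n")
```

For the first sample the report shows `dynamic_base` true and `aslr_effective` false, which is the condition a RELOC_SECTION-style build check is meant to catch before release.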