Bitcoin Forum
December 06, 2016, 10:19:30 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: GCC recommendation: -fstack-protector  (Read 4301 times)
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
July 12, 2011, 06:32:14 PM
 #21

Huh, I understood that there is already a pull request for it, and it was planned to be integrated.
That was the plan, but the guy who wrote it has given up communicating and updating it with various suggestions.  Its also (from what I hear from people with more autotools experience) very poorly coded. So it sits in a "there is no way we are going to pull this, please update it" state.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
1481019570
Hero Member
*
Offline Offline

Posts: 1481019570

View Profile Personal Message (Offline)

Ignore
1481019570
Reply with quote  #2

1481019570
Report to moderator
1481019570
Hero Member
*
Offline Offline

Posts: 1481019570

View Profile Personal Message (Offline)

Ignore
1481019570
Reply with quote  #2

1481019570
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481019570
Hero Member
*
Offline Offline

Posts: 1481019570

View Profile Personal Message (Offline)

Ignore
1481019570
Reply with quote  #2

1481019570
Report to moderator
1481019570
Hero Member
*
Offline Offline

Posts: 1481019570

View Profile Personal Message (Offline)

Ignore
1481019570
Reply with quote  #2

1481019570
Report to moderator
1481019570
Hero Member
*
Offline Offline

Posts: 1481019570

View Profile Personal Message (Offline)

Ignore
1481019570
Reply with quote  #2

1481019570
Report to moderator
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2016



View Profile
July 18, 2011, 01:26:51 AM
 #22

It's probably worth mentioning that the default static linking defeats ASLR, ... which is probably a more important security enhancement than -fstack-protector.

The default build should probably not statically link— if you've got the libraries then you can dynamically link them.  It should also be compiled -pie -fPIE.

There appears to be good general hardening advice here: http://wiki.debian.org/Hardening
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
July 18, 2011, 02:16:01 AM
 #23

The default build should probably not statically link
Oh god how I'd love to not have to static link anything or build anything for Linux anymore.  But as it stands now, thats not really an option.  First, we use a development release of wx, meaning it is in no package repos anywhere so you cant require people to install that.  Secondly, we use ECC which is stripped out of openssl on all redhat-based distros due to copyright concerns.  Lastly, we don't have distro-packages so there is no way for us to create package dependencies for bitcoin aside from instillation instructions which gets very, very user unfriendly.  When we make a switch to QT all that can go away and we can get into distro packages for everything (except redhat-based distros...).  If you are talking about on windows, well, what other option is there? Either you ship your own libraries, in which case the argument is invalid, or you ship static, like every other sane program on Windows.  Windows just doesn't have a way to get dependencies like Linux (really a shame, you'd think after this many years Microsoft and Apple could have caught up with Linux on this one).

It should also be compiled -pie -fPIE.

There appears to be good general hardening advice here: http://wiki.debian.org/Hardening
By all means, pull request away Wink

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 18, 2011, 02:43:13 AM
 #24

It's indeed a good thing to static-link the distributed binaries. Nearly all projects that distribute distribution-agnostic binaries for Linux distribute a statically-linked version. The remaining ones package the .so's, as a poor-mans static linking Smiley

On the other hand, when building from source (and building distribution-specific) it doesn't have to default to static linking (and can include all the PIE you want :p). That's currently just an artifact of the inflexibility of "make". As mentioned, a configurable build system like autotools would address this by providing options such as --with-static.

BTW here some links about the PIE thing, I found it pretty interesting:

https://secure.wikimedia.org/wikipedia/en/wiki/Position-independent_code
https://wiki.ubuntu.com/Security/Features#Built%20as%20PIE

Most notably:
"PIE has a large (5-10%) performance penalty on architectures with small numbers of general registers (e.g. x86), ... PIE on x86_64 does not have the same penalties, and will eventually be made the default, but more testing is required"

So it should probably be enabled by default for x86_64 but not x86_32.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2016



View Profile
July 18, 2011, 04:05:12 AM
 #25

On the other hand, when building from source (and building distribution-specific) it doesn't have to default to static linking (and can include all the PIE you want :p). That's currently just an artifact of the inflexibility of "make". As mentioned, a configurable build system like autotools would address this by providing options such as --with-static.

Right, this was what I meant.  Obviously the shipped binaries will need to be statically linked, alas.   Thats still no reason to leave everyone else statically linked.

You don't need autotools for this: just add another target "make static-dist", or whatever.

For me, on Fedora, the static builds fail because the distribution doesn't ship with static versions of pretty much _anything_ because the overuse of static libraries has been a reoccurring security nightmare.  So, really, for some people the failure to separate static and not static builds means that building simply doesn't work.

Oh, while we're talking about this— it was claimed upthread that bitcoin should already have -fstack-protector — I don't know about Ubuntu, but in fedora -fstack-protector is set via the default RPM cflags, and _not_ by modifying GCC.  If the same is true on ubuntu, then bitcoind doesn't have it.  Someone with ubuntu handy ought to compile the examples from that debian page and see if gcc in ubuntu is really providing the protection by default.


Quote
Most notably:
"PIE has a large (5-10%) performance penalty on architectures with small numbers of general registers (e.g. x86), ... PIE on x86_64 does not have the same penalties, and will eventually be made the default, but more testing is required"
So it should probably be enabled by default for x86_64 but not x86_32.

This is only the case for tight loop register starved cpu bound code.  Bitcoin is usually I/O bound.   I've been running bitcoin in _valgrind_  (which run most things things at 1/10th to 1/20th speed) and hardly notice any difference except while syncing up the blockchain.

I'm seriously doubtful that PIE is going to make a noticeable performance difference.  Also, the libraries on any system are all already fpic, and all the crypto stuff is already in libraries,  Moreover, there is a pretty easy answer to someone who wants more performance: use x86_64, which is generally true (esp for C++ code) with or without PIE.

wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 18, 2011, 04:52:13 AM
 #26

Moreover, there is a pretty easy answer to someone who wants more performance: use x86_64, which is generally true (esp for C++ code) with or without PIE.
One would think that it is mainly the 32-bit systems that need every bit of extra performance Smiley

The only place in which performance matters, indeed, is the initial sync-up with the block chain. After that, traffic is so low that crypto speed doesn't matter much.

And I wouldn't be surprised either if much of the slowless on initial block chain download was caused by disk access, not CPU load. I once tried to bootstrap bitcoin on an USB stick. Bad idea  Angry

You don't need autotools for this: just add another target "make static-dist", or whatever.
Feel free to send a pull request.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
August 06, 2011, 11:54:57 AM
 #27

We do, we use make.  For our purposes, it works fine if you have a sane build environment.

An environment with uupnp is not sane.

Misspelling protects against dictionary attacks NOT
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!