bcearl (OP)
July 09, 2011, 08:16:11 AM

I recommend including the option -fstack-protector in the UNIX makefile. Many distributions (including Ubuntu) use it by default, but some others may not.

Why does it make sense?

On the one hand the Bitcoin client is supposed to be online and connected with many peers. On the other hand it handles data that must be kept secret at all costs. Thus the client processes messages from unknown peers all the time. If there is a bug in processing, there could be buffer overflows. Those could be exploited to take over the client.

There are three common measures at the moment against such attacks:
- NX bit: a CPU feature that prevents data from being interpreted as code
- address randomization: the Linux kernel gives each process different stack addresses every time
- GCC stack protector: buffers on the stack are surrounded by test data, which makes it hard to overflow a buffer without being detected

While the first two are configured by hardware and OS, the third one is configured at compile time.

> -fstack-protector
> Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.
>
> NOTE: In Ubuntu 6.10 and later versions this option is enabled by default for C, C++, ObjC, ObjC++, if none of -fno-stack-protector, -nostdlib, nor -ffreestanding are found.

Any disadvantages?

Of course every measure of this kind affects performance. But this affects only functions that have buffers of more than 8 bytes. And if you have built it on Ubuntu until now, you have had it activated anyway without knowing.

Misspelling protects against dictionary attacks NOT

wumpus
July 09, 2011, 09:00:51 AM

Does it affect performance much?
If not, please submit a pull request, everything that makes bitcoind more safe against future exploits is good.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.

bcearl (OP)
July 09, 2011, 09:25:38 AM

> Does it affect performance much?
> If not, please submit a pull request, everything that makes bitcoind more safe against future exploits is good.

I could not see any performance differences, but I wanted to hear some more opinions. I didn't commit that yet because I don't know how such a change would affect people who want to use a compiler other than GCC. Will there be something like a ./configure script in the future? I think the flag must be set at the point where you know what compiler is used.

dikidera
July 09, 2011, 01:45:52 PM

<jtaylor> ubuntu enables -fstack-protector in hardening-wrapper

Some random guy on IRC ^

Matt Corallo
July 09, 2011, 01:46:38 PM

> In Ubuntu 6.10 and later versions this option is enabled by default

Bitcoin is built on 10.04 LTS, so it looks like we are using it.

wumpus
July 09, 2011, 02:14:19 PM

I've added the option to the build script of my client, seems to work OK in Linux and Mingw builds.
I did notice that it is important to provide the option to CXXFLAGS as well as LDFLAGS, otherwise it will give errors when linking.

bcearl (OP)
July 09, 2011, 08:10:45 PM

> In Ubuntu 6.10 and later versions this option is enabled by default
> Bitcoin is built on 10.04 LTS, so it looks like we are using it.

That's great, so everybody who uses the binary from bitcoin.org already has it.

ampkZjWDQcqT
July 10, 2011, 04:07:03 PM

The root of this problem resides in Bitcoin not having a configure script.

If you found my comment useful please express your gratitude by doing an action of similar magnitude towards a better society. Thank you!

Matt Corallo
July 10, 2011, 04:08:33 PM

> The root of this problem resides in Bitcoin not having a configure script.

That has absolutely nothing to do with this problem.

bcearl (OP)
July 10, 2011, 05:39:47 PM

> > The root of this problem resides in Bitcoin not having a configure script.
> That has absolutely nothing to do with this problem.

It has a lot. The configure script's job is to find out what's available. It would activate that option depending on the compiler that is used.

Matt Corallo
July 10, 2011, 05:43:24 PM

> It has a lot. The configure script's job is to find out what's available. It would activate that option depending on the compiler that is used.

Since Bitcoin only supports gcc, it's not a problem.

twobits
July 10, 2011, 10:25:40 PM

> > > The root of this problem resides in Bitcoin not having a configure script.
> > That has absolutely nothing to do with this problem.
> It has a lot. The configure script's job is to find out what's available. It would activate that option depending on the compiler that is used.

It uses makefiles? Could just have it be a line in the makefile that someone can comment in or out for now.

bcearl (OP)
July 11, 2011, 08:29:52 AM

> > > > The root of this problem resides in Bitcoin not having a configure script.
> > > That has absolutely nothing to do with this problem.
> > It has a lot. The configure script's job is to find out what's available. It would activate that option depending on the compiler that is used.
> It uses makefiles? Could just have it be a line in the makefile that someone can comment in or out for now.

That sucks. The upnp stuff in the makefile makes it a pain already.

kjj
July 11, 2011, 02:37:25 PM

As much as I despise working with autoconf, it seriously rocks.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.

bcearl (OP)
July 12, 2011, 05:43:28 AM

I don't care what tool you want to use, but use one, please ...

error
July 12, 2011, 06:12:58 PM

Oh, and it's not "makefile.unix", it's "Makefile"!

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8

wumpus
July 12, 2011, 06:16:10 PM

As much as I hate autoconf, it is going to be integrated in 0.4.x

Matt Corallo
July 12, 2011, 06:16:58 PM

> Oh, and it's not "makefile.unix", it's "Makefile"!

Not if you support three different OSes and more build environments.

> I don't care what tool you want to use, but use one, please ...

We do, we use make. For our purposes, it works fine if you have a sane build environment. That said, it would be great to switch to something more flexible. Though it's not particularly high on the priorities list, if someone has time to do it, by all means please do, until then... make it is.

Matt Corallo
July 12, 2011, 06:17:41 PM

> As much as I hate autoconf, it is going to be integrated in 0.4.x

If someone gets around to writing it, yes. But as it stands, no one is really working on it, it might end up not making it for quite some time, and definitely won't be in 0.4.

wumpus
July 12, 2011, 06:19:43 PM

> If someone gets around to writing it, yes. But as it stands, no one is really working on it, it might end up not making it for quite some time, and definitely won't be in 0.4.

Huh, I understood that there is already a pull request for it, and it was planned to be integrated.