depends: harden libevent #27118
Merged
depends: harden libevent #27118
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
fanquake
force-pushed
the
harden_libevent
branch
from
e8cb6e6 to
778e34e
Compare
Member
Author
|
Changed the approach here, from using libevents own hardening option (might send some fixes upstream), and a patch, to just using |
Member
|
Do you have a before/after count for hardened functions? |
Member
Author
Using GCC 13 and glibc 2.37 (with only this branch): # master
nm -C src/bitcoind | grep _chk
U __fprintf_chk@GLIBC_2.17
U __memcpy_chk@GLIBC_2.17
U __snprintf_chk@GLIBC_2.17
U __stack_chk_fail@GLIBC_2.17
U __stack_chk_guard@GLIBC_2.17
U __vsnprintf_chk@GLIBC_2.17
objdump -d src/bitcoind | grep "_chk@plt" | wc -l
32
# this branch
nm -C src/bitcoind | grep _chk
U __fdelt_chk@GLIBC_2.17
U __fprintf_chk@GLIBC_2.17
U __memcpy_chk@GLIBC_2.17
U __memmove_chk@GLIBC_2.17
U __memset_chk@GLIBC_2.17
U __snprintf_chk@GLIBC_2.17
U __stack_chk_fail@GLIBC_2.17
U __stack_chk_guard@GLIBC_2.17
U __vsnprintf_chk@GLIBC_2.17
objdump -d src/bitcoind | grep "_chk@plt" | wc -l
54If I combine with our own use of FORTIFY_SOURCE=3: nm -C src/bitcoind | grep _chk
U __fdelt_chk@GLIBC_2.17
U __fprintf_chk@GLIBC_2.17
U __memcpy_chk@GLIBC_2.17
U __memmove_chk@GLIBC_2.17
U __memset_chk@GLIBC_2.17
U __snprintf_chk@GLIBC_2.17
U __stack_chk_fail@GLIBC_2.17
U __stack_chk_guard@GLIBC_2.17
U __vsnprintf_chk@GLIBC_2.17
objdump -d src/bitcoind | grep "_chk@plt" | wc -l
81 |
Member
The previous 974e44c0a0e692e1e11e7c067699db94f55ce464 commit, being combined with the current 778e34e8625cc83d0e5a93493c71f01712bef81d one, should work for older compilers as well, no? |
Member
Author
I changed the approach because I don't want us to use the gcc-hardening option. |
sedited
approved these changes
Feb 20, 2023
Contributor
sedited
left a comment
sedited
left a comment
There was a problem hiding this comment.
ACK 778e34e8625cc83d0e5a93493c71f01712bef81d
fanquake
force-pushed
the
harden_libevent
branch
from
778e34e to
ff4a73a
Compare
Member
Author
|
Rebased on top of #27027. |
Contributor
|
ACK ff4a73a |
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Feb 28, 2023
ff4a73a depends: use FORTIFY_SOURCE=3 with libevent (fanquake) Pull request description: Use `FORTIFY_SOURCE=3` when building libevent in depends. I've upstreamed a change to switch libevent from using =2 to =3 as well: libevent/libevent#1418. Solves half of bitcoin#27038, by giving us some fortified funcs in `bitcoin-cli`. ACKs for top commit: TheCharlatan: ACK ff4a73a Tree-SHA512: eaf692ec92b288f0cb524c011fc81529f58efa4c43d418a7b3ae7108eba2bccba708a81a28ac6d063267be80ca615637c6e3fccc02497d7367af2eaae0e8d812
Member
|
This PR introduced a regression when building with depends and disabled hardening: |
Member
Author
Followup for discussion in 27406. |
fanquake
added a commit
to fanquake/bitcoin
that referenced
this pull request
Apr 4, 2023
Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link libssp for Windows builds, they now fail (after bitcoin#27118), if building with depends, and configuring with --disable-hardening. See: bitcoin#27118 (comment). This change would add a depends opiton such that, if someone wants to build with, for windows, without hardening, they can do so. This may also be useful when building for debugging.
fanquake
added a commit
to bitcoin-core/gui
that referenced
this pull request
Apr 5, 2023
436df1e depends: add NO_HARDEN option (fanquake) Pull request description: Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link `libssp` for Windows builds, they now fail (after #27118), if building with depends, and configuring with `--disable-hardening` (Windows is the odd build out here). See: bitcoin/bitcoin#27118 (comment). This change would add a depends option such that, if someone wants to build with depends, for Windows, without hardening, they can do so. This may also be useful when building for debugging. ACKs for top commit: hebasto: re-ACK 436df1e Tree-SHA512: 5a3ef5ec87b10a5ad0a284201988ce94789451735c7c7e20d337f7232955b0b9a0addab1c3b5725755f00d8ce6741aa9c8cb5e3d48d926515b7dde46acdbcaa0
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Apr 5, 2023
436df1e depends: add NO_HARDEN option (fanquake) Pull request description: Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link `libssp` for Windows builds, they now fail (after bitcoin#27118), if building with depends, and configuring with `--disable-hardening` (Windows is the odd build out here). See: bitcoin#27118 (comment). This change would add a depends option such that, if someone wants to build with depends, for Windows, without hardening, they can do so. This may also be useful when building for debugging. ACKs for top commit: hebasto: re-ACK 436df1e Tree-SHA512: 5a3ef5ec87b10a5ad0a284201988ce94789451735c7c7e20d337f7232955b0b9a0addab1c3b5725755f00d8ce6741aa9c8cb5e3d48d926515b7dde46acdbcaa0
marcosptf
pushed a commit
to marcosptf/bitcoin-labs
that referenced
this pull request
Apr 9, 2023
Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link libssp for Windows builds, they now fail (after #27118), if building with depends, and configuring with --disable-hardening. See: bitcoin/bitcoin#27118 (comment). This change would add a depends opiton such that, if someone wants to build with, for windows, without hardening, they can do so. This may also be useful when building for debugging.
RandyMcMillan
pushed a commit
to RandyMcMillan/bitcoin
that referenced
this pull request
May 27, 2023
Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link libssp for Windows builds, they now fail (after bitcoin#27118), if building with depends, and configuring with --disable-hardening. See: bitcoin#27118 (comment). This change would add a depends opiton such that, if someone wants to build with, for windows, without hardening, they can do so. This may also be useful when building for debugging.
janus
pushed a commit
to BitgesellOfficial/bitgesell
that referenced
this pull request
Sep 3, 2023
Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link libssp for Windows builds, they now fail (after #27118), if building with depends, and configuring with --disable-hardening. See: bitcoin/bitcoin#27118 (comment). This change would add a depends opiton such that, if someone wants to build with, for windows, without hardening, they can do so. This may also be useful when building for debugging.
backpacker69
pushed a commit
to peercoin/peercoin
that referenced
this pull request
Mar 5, 2024
Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link libssp for Windows builds, they now fail (after #27118), if building with depends, and configuring with --disable-hardening. See: bitcoin/bitcoin#27118 (comment). This change would add a depends opiton such that, if someone wants to build with, for windows, without hardening, they can do so. This may also be useful when building for debugging.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use
FORTIFY_SOURCE=3when building libevent in depends. I've upstreamed a change to switch libevent from using =2 to =3 as well: libevent/libevent#1418.Solves half of #27038, by giving us some fortified funcs in
bitcoin-cli.