commit
5df25e78db
@ -106,3 +106,45 @@ If you need to build Boost yourself:
|
|||||||
sudo su
|
sudo su
|
||||||
./bootstrap.sh
|
./bootstrap.sh
|
||||||
./bjam install
|
./bjam install
|
||||||
|
|
||||||
|
|
||||||
|
Security
|
||||||
|
--------
|
||||||
|
To help make your bitcoin installation more secure by making certain attacks impossible to
|
||||||
|
exploit even if a vulnerability is found, you can take the following measures:
|
||||||
|
|
||||||
|
* Position Independent Executable
|
||||||
|
Build position independent code to take advantage of Address Space Layout Randomization
|
||||||
|
offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
|
||||||
|
memory location is thwarted if he doesn't know where anything useful is located.
|
||||||
|
The stack and heap are randomly located by default but this allows the code section to be
|
||||||
|
randomly located as well.
|
||||||
|
|
||||||
|
On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
|
||||||
|
such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
|
||||||
|
|
||||||
|
To build with PIE, use:
|
||||||
|
make -f makefile.unix ... -e PIE=1
|
||||||
|
|
||||||
|
To test that you have built PIE executable, install scanelf, part of paxutils, and use:
|
||||||
|
scanelf -e ./bitcoin
|
||||||
|
|
||||||
|
The output should contain:
|
||||||
|
TYPE
|
||||||
|
ET_DYN
|
||||||
|
|
||||||
|
* Non-executable Stack
|
||||||
|
If the stack is executable then trivial stack based buffer overflow exploits are possible if
|
||||||
|
vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
|
||||||
|
but if one of the libraries it uses asks for an executable stack or someone makes a mistake
|
||||||
|
and uses a compiler extension which requires an executable stack, it will silently build an
|
||||||
|
executable without the non-executable stack protection.
|
||||||
|
|
||||||
|
To verify that the stack is non-executable after compiling use:
|
||||||
|
scanelf -e ./bitcoin
|
||||||
|
|
||||||
|
the output should contain:
|
||||||
|
STK/REL/PTL
|
||||||
|
RW- R-- RW-
|
||||||
|
|
||||||
|
The STK RW- means that the stack is readable and writeable but not executable.
|
||||||
|
@ -36,8 +36,36 @@ LIBS+= \
|
|||||||
-l pthread
|
-l pthread
|
||||||
|
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
# Make some classes of vulnerabilities unexploitable in case one is discovered.
|
||||||
|
#
|
||||||
|
# Stack Canaries
|
||||||
|
# Put numbers at the beginning of each stack frame and check that they are the same.
|
||||||
|
# If a stack buffer if overflowed, it writes over the canary number and then on return
|
||||||
|
# when that number is checked, it won't be the same and the program will exit with
|
||||||
|
# a "Stack smashing detected" error instead of being exploited.
|
||||||
|
HARDENING=-fstack-protector-all -Wstack-protector
|
||||||
|
|
||||||
|
# Make some important things such as the global offset table read only as soon as
|
||||||
|
# the dynamic linker is finished building it. This will prevent overwriting of addresses
|
||||||
|
# which would later be jumped to.
|
||||||
|
HARDENING+=-Wl,-z,relro -Wl,-z,now
|
||||||
|
|
||||||
|
# Build position independent code to take advantage of Address Space Layout Randomization
|
||||||
|
# offered by some kernels.
|
||||||
|
# see doc/build-unix.txt for more information.
|
||||||
|
ifdef PIE
|
||||||
|
HARDENING+=-fPIE -pie
|
||||||
|
endif
|
||||||
|
|
||||||
|
# -D_FORTIFY_SOURCE=2 does some checking for potentially exploitable code patterns in
|
||||||
|
# the source such overflowing a statically defined buffer.
|
||||||
|
HARDENING+=-D_FORTIFY_SOURCE=2
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
DEBUGFLAGS=-g -D__WXDEBUG__
|
DEBUGFLAGS=-g -D__WXDEBUG__
|
||||||
CXXFLAGS=-O2 -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS)
|
CXXFLAGS=-O2 -Wno-invalid-offsetof -Wformat $(DEBUGFLAGS) $(DEFS) $(HARDENING)
|
||||||
HEADERS = \
|
HEADERS = \
|
||||||
base58.h \
|
base58.h \
|
||||||
bignum.h \
|
bignum.h \
|
||||||
|
Loading…
Reference in New Issue
Block a user