diff options
| author | Gavin Andresen <gavinandresen@gmail.com> | 2011-09-26 06:12:59 -0700 |
|---|---|---|
| committer | Gavin Andresen <gavinandresen@gmail.com> | 2011-09-26 06:12:59 -0700 |
| commit | 5df25e78db8257df5dc5f71073cb31d9ae16711c (patch) | |
| tree | 25e8a0c8065be14b052014172658ad7732dd2064 /doc | |
| parent | 17e2c24645a10354849dec917b31f364e9056d58 (diff) | |
| parent | 3f94dfa25fc1b0e838d368a9b2683a634cd3a60c (diff) | |
Merge pull request #513 from cjdelisle/feature-hardening
Hardening
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/build-unix.txt | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/doc/build-unix.txt b/doc/build-unix.txt index 4ecf15aa33..e608c25f06 100644 --- a/doc/build-unix.txt +++ b/doc/build-unix.txt @@ -106,3 +106,45 @@ If you need to build Boost yourself: sudo su ./bootstrap.sh ./bjam install + + +Security +-------- +To help make your bitcoin installation more secure by making certain attacks impossible to +exploit even if a vulnerability is found, you can take the following measures: + +* Position Independent Executable + Build position independent code to take advantage of Address Space Layout Randomization + offered by some kernels. An attacker who is able to cause execution of code at an arbitrary + memory location is thwarted if he doesn't know where anything useful is located. + The stack and heap are randomly located by default but this allows the code section to be + randomly located as well. + + On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error + such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;" + + To build with PIE, use: + make -f makefile.unix ... -e PIE=1 + + To test that you have built PIE executable, install scanelf, part of paxutils, and use: + scanelf -e ./bitcoin + + The output should contain: + TYPE + ET_DYN + +* Non-executable Stack + If the stack is executable then trivial stack based buffer overflow exploits are possible if + vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack + but if one of the libraries it uses asks for an executable stack or someone makes a mistake + and uses a compiler extension which requires an executable stack, it will silently build an + executable without the non-executable stack protection. + + To verify that the stack is non-executable after compiling use: + scanelf -e ./bitcoin + + the output should contain: + STK/REL/PTL + RW- R-- RW- + + The STK RW- means that the stack is readable and writeable but not executable. |