aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorcjdelisle <calebdelisle@lavabit.com>2011-09-08 12:50:54 -0400
committercjdelisle <calebdelisle@lavabit.com>2011-09-12 17:09:55 -0400
commit3f94dfa25fc1b0e838d368a9b2683a634cd3a60c (patch)
tree3ee5af1b50f6fcd2418ca18595dffb6d6a048767 /doc
parentf92f022edaa2f14951b9ce8304a304ff9693ae16 (diff)
Add some hardening to protect against unknown/future exploits.
Diffstat (limited to 'doc')
-rw-r--r--doc/build-unix.txt42
1 files changed, 42 insertions, 0 deletions
diff --git a/doc/build-unix.txt b/doc/build-unix.txt
index 8f0c568eda..62abb7b99a 100644
--- a/doc/build-unix.txt
+++ b/doc/build-unix.txt
@@ -107,3 +107,45 @@ If you need to build Boost yourself:
sudo su
./bootstrap.sh
./bjam install
+
+
+Security
+--------
+To help make your bitcoin installation more secure by making certain attacks impossible to
+exploit even if a vulnerability is found, you can take the following measures:
+
+* Position Independent Executable
+ Build position independent code to take advantage of Address Space Layout Randomization
+ offered by some kernels. An attacker who is able to cause execution of code at an arbitrary
+ memory location is thwarted if he doesn't know where anything useful is located.
+ The stack and heap are randomly located by default but this allows the code section to be
+ randomly located as well.
+
+ On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error
+ such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
+
+ To build with PIE, use:
+ make -f makefile.unix ... -e PIE=1
+
+ To test that you have built PIE executable, install scanelf, part of paxutils, and use:
+ scanelf -e ./bitcoin
+
+ The output should contain:
+ TYPE
+ ET_DYN
+
+* Non-executable Stack
+ If the stack is executable then trivial stack based buffer overflow exploits are possible if
+ vulnerable buffers are found. By default, bitcoin should be built with a non-executable stack
+ but if one of the libraries it uses asks for an executable stack or someone makes a mistake
+ and uses a compiler extension which requires an executable stack, it will silently build an
+ executable without the non-executable stack protection.
+
+ To verify that the stack is non-executable after compiling use:
+ scanelf -e ./bitcoin
+
+ the output should contain:
+ STK/REL/PTL
+ RW- R-- RW-
+
+ The STK RW- means that the stack is readable and writeable but not executable.