From 4bfcbbfd4a9749f7954e37a7447b5f047465bdf8 Mon Sep 17 00:00:00 2001
From: fanquake <fanquake@gmail.com>
Date: Wed, 17 May 2023 14:36:27 +0100
Subject: doc: remove Security section from build-unix.md

Our compile documentation isn't the right place for genric binary
hardening notes, which are neither particularly Bitcoin-Core specific,
or as relevant as they might have once been, i.e non-executable stacks
are now just the norm.

Just remove the notes for now, if someone has
something more interesting/Bitcoin Core specific, it could be added in
separate documentation in the future (maybe into the devwiki or
similar).

Split from
https://github.com/bitcoin/bitcoin/pull/27685#discussion_r1196517868.
---
 doc/build-unix.md | 46 ----------------------------------------------
 1 file changed, 46 deletions(-)

diff --git a/doc/build-unix.md b/doc/build-unix.md
index 0c761d9043..3633d4f811 100644
--- a/doc/build-unix.md
+++ b/doc/build-unix.md
@@ -184,52 +184,6 @@ export BDB_PREFIX="/path/to/bitcoin/depends/x86_64-pc-linux-gnu"
 
 **Note**: You only need Berkeley DB if the legacy wallet is enabled (see [*Disable-wallet mode*](#disable-wallet-mode)).
 
-Security
---------
-To help make your Bitcoin Core installation more secure by making certain attacks impossible to
-exploit even if a vulnerability is found, binaries are hardened by default.
-This can be disabled with:
-
-Hardening Flags:
-
-    ./configure --enable-hardening
-    ./configure --disable-hardening
-
-
-Hardening enables the following features:
-* _Position Independent Executable_: Build position independent code to take advantage of Address Space Layout Randomization
-    offered by some kernels. Attackers who can cause execution of code at an arbitrary memory
-    location are thwarted if they don't know where anything useful is located.
-    The stack and heap are randomly located by default, but this allows the code section to be
-    randomly located as well.
-
-    On an AMD64 processor where a library was not compiled with -fPIC, this will cause an error
-    such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;"
-
-    To test that you have built PIE executable, install scanelf, part of paxutils, and use:
-
-        scanelf -e ./bitcoin
-
-    The output should contain:
-
-     TYPE
-    ET_DYN
-
-* _Non-executable Stack_: If the stack is executable then trivial stack-based buffer overflow exploits are possible if
-    vulnerable buffers are found. By default, Bitcoin Core should be built with a non-executable stack,
-    but if one of the libraries it uses asks for an executable stack or someone makes a mistake
-    and uses a compiler extension which requires an executable stack, it will silently build an
-    executable without the non-executable stack protection.
-
-    To verify that the stack is non-executable after compiling use:
-    `scanelf -e ./bitcoin`
-
-    The output should contain:
-    STK/REL/PTL
-    RW- R-- RW-
-
-    The STK RW- means that the stack is readable and writeable but not executable.
-
 Disable-wallet mode
 --------------------
 When the intention is to only run a P2P node, without a wallet, Bitcoin Core can
-- 
cgit v1.2.3