devtools: Add security check for separate_code
6a2e72e179e9
Actions

Description

devtools: Add security check for separate_code

Summary:
Check that sections are appropriately separated in virtual memory,
based on their (expected) permissions. This checks for missing
-Wl,-z,separate-code and potentially other problems.

Co-authored-by: fanquake <fanquake@gmail.com>

This is a partial backport of core#19525 and core#20346
https://github.com/bitcoin/bitcoin/pull/19525/commits/65d0f1a53354fb25c8152ee5b430cf57e6508594

Depends on D13575

Test Plan:

cd contrib/devtools/
./test-security-check.py

Some of the tests may fail for unrelated reasons, but check that test_ELF passes.

Run also gitian builds on CI.

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D13578

Details

Provenance

Wladimir J. van der Laan <laanwj@protonmail.com>	Authored on Jul 22 2020, 14:00
PiRK	Committed on Apr 5 2023, 15:44
PiRK	Pushed on Apr 5 2023, 15:44

Reviewer

Restricted Project

Differential Revision

D13578: devtools: Add security check for separate_code

Parents

rABCd3250362b342: build: add -Wl,-z,separate-code to hardening flags

Branches

Unknown

Tags

Unknown

Event Timeline

PiRK committed rABC6a2e72e179e9: devtools: Add security check for separate_code (authored by Wladimir J. van der Laan <laanwj@protonmail.com>).Apr 5 2023, 15:44

PiRK added an edge: D13578: devtools: Add security check for separate_code.

Changes (2)

Path

Size

contrib/

devtools/

security-check.py

test-security-check.py

rABC6a2e72e179e9

View Options

contrib/devtools/security-check.py