tools: make code cache and snapshot deterministic #29142

Closed
wants to merge 3 commits into from

@bnoordhuis
Member

commented Aug 15, 2019

Use a fixed random seed to ensure that the generated sources are
identical across runs.

The final node binary still reseeds itself on start-up so there should
be no security implications caused by predictable random numbers (e.g.,
Math.random(), ASLR, the hash seed, etc.)

Fixes: #29108

bnoordhuis added 2 commits Aug 15, 2019
tools: make code cache and snapshot deterministic

@@ -26,6 +26,8 @@ int wmain(int argc, wchar_t* argv[]) {
int main(int argc, char* argv[]) {
#endif // _WIN32

v8::V8::SetFlagsFromString("--random_seed=42");
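
Review bot: the `--random_seed=42` literal at the top of `main` is unexplained; add a short comment above the `SetFlagsFromString` call saying the seed is pinned so the generated code cache and snapshot sources are identical across builds, and that it applies only to this build-time tool. Because the flag is set for the whole process, anything the tool emits that records the active flags will carry it too, so check that a node binary started without the flag still accepts the generated output.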

@bnoordhuis bnoordhuis force-pushed the bnoordhuis:fix29108 branch from 913a8bb to ed2c673 Aug 15, 2019

@bnoordhuis
Member Author

commented Aug 15, 2019

Hrm, looks like retrieval from the cache fails unless node is also started with --random_seed=42. The hash of the command line flags is part of the code cache's checksum.

I can work around that by resetting --random_seed=0 just before creating the code cache. Not super elegant but it does the trick. It's interesting that snapshot creation is unaffected.

@devsnek
Member

commented Aug 15, 2019

also @nodejs/v8

@ChALkeR
Member

commented Aug 15, 2019

Also /cc @nodejs/security @indutny just in case.

Though I don't see how the seed for static (i.e. shared across runs and public) cache generation should affect security (for the reasons stated in #29108).

@Trott
Member

commented Aug 19, 2019

> Hrm, looks like retrieval from the cache fails unless node is also started with --random_seed=42. The hash of the command line flags is part of the code cache's checksum.
>
> I can work around that by resetting --random_seed=0 just before creating the code cache. Not super elegant but it does the trick. It's interesting that snapshot creation is unaffected.

@bnoordhuis Would I be correct to conclude from the above comments that this shouldn't land yet?

@bnoordhuis
Member Author

commented Aug 19, 2019

@Trott I incorporated the necessary fixes. bnoordhuis/io.js@ed2c673 is the fix but the timestamp may be throwing off GH because it shows up before my comment.

@Trott
Member

commented Aug 20, 2019

Landed in 5116a6a

@Trott Trott closed this Aug 20, 2019

Trott added a commit that referenced this pull request Aug 20, 2019
tools: make code cache and snapshot deterministic
Use a fixed random seed to ensure that the generated sources are
identical across runs.

The final node binary still reseeds itself on start-up so there should
be no security implications caused by predictable random numbers (e.g.,
`Math.random()`, ASLR, the hash seed, etc.)

Fixes: #29108

PR-URL: #29142
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
targos added a commit that referenced this pull request Aug 20, 2019
@targos targos referenced this pull request Aug 20, 2019

@bnoordhuis bnoordhuis deleted the bnoordhuis:fix29108 branch Aug 20, 2019

@ChALkeR
Member

commented Aug 20, 2019

@bnoordhuis Yes, I can confirm that this fixes the issue. Thanks!
Unzipping the same archive and building on Linux in the same path now produces identical results (zero differences between the dirs produced on two consecutive runs).
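
The check described in the comment above (two consecutive builds in the same path producing identical output directories) can be automated by hashing both trees. This is an added example, not part of the PR or of Node.js's tooling; the function names and the sample file names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def compare_builds(dir_a, dir_b):
    """Return (only_in_a, only_in_b, differing) as sorted relative paths."""
    a, b = tree_digests(dir_a), tree_digests(dir_b)
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    differing = sorted(p for p in set(a) & set(b) if a[p] != b[p])
    return only_a, only_b, differing


def is_reproducible(dir_a, dir_b):
    """True when both trees hold the same files with the same contents."""
    return compare_builds(dir_a, dir_b) == ([], [], [])


def make_sample_build(root, cache_bytes):
    """Constructed sample output tree; the file names are placeholders."""
    os.makedirs(os.path.join(root, "gen"))
    with open(os.path.join(root, "gen", "code_cache.cc"), "wb") as f:
        f.write(cache_bytes)
    with open(os.path.join(root, "gen", "snapshot.cc"), "wb") as f:
        f.write(b"static const char blob[] = {1, 2, 3};\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        run1, run2 = os.path.join(tmp, "run1"), os.path.join(tmp, "run2")
        make_sample_build(run1, b"cache built with seed A\n")
        make_sample_build(run2, b"cache built with seed B\n")
        print(compare_builds(run1, run2))
```

Pointing `compare_builds` at the output directories of two real builds lists exactly which generated files still vary between runs.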

JeniaBR added a commit to JeniaBR/node that referenced this pull request Sep 11, 2019