build: disable v8 snapshots

Snapshots speed up start-up by a few milliseconds but are potentially dangerous because of the fixed hash seed that is used for strings and dictionaries, making collision denial-of-service attacks possible. Release builds on iojs.org have snapshots disabled but source builds did not, until now. The risk for individual source builds is low; the binary gets a random 32 bits hash seed that should be hard to guess by an external attacker. It's when binaries are distributed by, for example, a distro vendor that the fixed hash seed becomes a vulnerability, because then it's possible to target a large group of people at once. People that really need the faster start-up time can use the new --with-snapshot configure flag. Cherry picked from bnoordhuis/io.js@4f68369 Original commit metadata below: PR-URL: nodejs/node#585 Reviewed-By: Bert Belder <bertbelder@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Rod Vagg <rod@vagg.org>
orangemocha · Jul 7, 2015 · f518a49 · f518a49
1 parent f657d02
commit f518a49
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 17 deletions.
diff --git a/Makefile b/Makefile
@@ -307,11 +307,11 @@ $(PKG): release-only
 	rm -rf $(PKGDIR)
 	rm -rf out/deps out/Release
 	$(PYTHON) ./configure --download=all --with-intl=small-icu \
-		--without-snapshot --dest-cpu=ia32 --tag=$(TAG)
+		--dest-cpu=ia32 --tag=$(TAG)
 	$(MAKE) install V=$(V) DESTDIR=$(PKGDIR)/32
 	rm -rf out/deps out/Release
 	$(PYTHON) ./configure --download=all --with-intl=small-icu \
-		--without-snapshot --dest-cpu=x64 --tag=$(TAG)
+		--dest-cpu=x64 --tag=$(TAG)
 	$(MAKE) install V=$(V) DESTDIR=$(PKGDIR)
 	SIGN="$(APP_SIGN)" PKGDIR="$(PKGDIR)" bash tools/osx-codesign.sh
 	lipo $(PKGDIR)/32/usr/local/bin/node \
@@ -344,7 +344,7 @@ $(BINARYTAR): release-only
 	rm -rf $(BINARYNAME)
 	rm -rf out/deps out/Release
 	$(PYTHON) ./configure --prefix=/ --download=all --with-intl=small-icu \
-		--without-snapshot --dest-cpu=$(DESTCPU) --tag=$(TAG) $(CONFIG_FLAGS)
+		--dest-cpu=$(DESTCPU) --tag=$(TAG) $(CONFIG_FLAGS)
 	$(MAKE) install DESTDIR=$(BINARYNAME) V=$(V) PORTABLE=1
 	cp README.md $(BINARYNAME)
 	cp LICENSE $(BINARYNAME)
@@ -357,7 +357,7 @@ binary: $(BINARYTAR)
 
 $(PKGSRC): release-only
 	rm -rf dist out
-	$(PYTHON) configure --prefix=/ --without-snapshot --download=all \
+	$(PYTHON) configure --prefix=/ --download=all \
 		--with-intl=small-icu --dest-cpu=$(DESTCPU) --tag=$(TAG) \
 		$(CONFIG_FLAGS)
 	$(MAKE) install DESTDIR=dist

diff --git a/android-configure b/android-configure
@@ -14,6 +14,5 @@ export CXX=arm-linux-androideabi-g++
 export LINK=arm-linux-androideabi-g++
 
 ./configure \
-    --without-snapshot \
     --dest-cpu=arm \
     --dest-os=android
diff --git a/configure b/configure
@@ -292,11 +292,16 @@ parser.add_option('--without-perfctr',
     dest='without_perfctr',
     help='build without performance counters')
 
+parser.add_option('--with-snapshot',
+    action='store_true',
+    dest='with_snapshot',
+    help=optparse.SUPPRESS_HELP)
+
+# Dummy option for backwards compatibility.
 parser.add_option('--without-snapshot',
     action='store_true',
-    dest='without_snapshot',
-    help='build without snapshotting V8 libraries. You might want to set'
-         ' this for cross-compiling. [Default: False]')
+    dest='unused_without_snapshot',
+    help=optparse.SUPPRESS_HELP)
 
 parser.add_option('--without-ssl',
     action='store_true',
@@ -323,6 +328,12 @@ parser.add_option('--xcode',
 # set up auto-download list
 auto_downloads = nodedownload.parse(options.download_list)
 
+
+def warn(msg):
+  prefix = '\033[1m\033[91mWARNING\033[0m' if os.isatty(1) else 'WARNING'
+  print('%s: %s' % (prefix, msg))
+
+
 def b(value):
   """Returns the string 'true' if value is truthy, 'false' otherwise."""
   if value:
@@ -515,7 +526,7 @@ def configure_node(o):
   o['variables']['host_arch'] = host_arch
   o['variables']['target_arch'] = target_arch
 
-  if target_arch != host_arch and not options.without_snapshot:
+  if target_arch != host_arch and options.with_snapshot:
     o['variables']['want_separate_host_toolset'] = 1
   else:
     o['variables']['want_separate_host_toolset'] = 0
@@ -651,7 +662,7 @@ def configure_v8(o):
   o['variables']['v8_no_strict_aliasing'] = 1  # Work around compiler bugs.
   o['variables']['v8_optimized_debug'] = 0  # Compile with -O0 in debug builds.
   o['variables']['v8_random_seed'] = 0  # Use a random seed for hash tables.
-  o['variables']['v8_use_snapshot'] = b(not options.without_snapshot)
+  o['variables']['v8_use_snapshot'] = b(options.with_snapshot)
 
   # assume shared_v8 if one of these is set?
   if options.shared_v8_libpath:

diff --git a/node.gyp b/node.gyp
@@ -1,6 +1,6 @@
 {
   'variables': {
-    'v8_use_snapshot%': 'true',
+    'v8_use_snapshot%': 'false',
     'node_use_dtrace%': 'false',
     'node_use_etw%': 'false',
     'node_use_perfctr%': 'false',

diff --git a/vcbuild.bat b/vcbuild.bat
@@ -17,11 +17,11 @@ set msiplatform=x86
 set target=Build
 set target_arch=ia32
 set debug_arg=
-set nosnapshot_arg=
+set snapshot_arg=
 set noprojgen=
 set nobuild=
 set nosign=
-set nosnapshot=
+set snapshot=
 set test=
 set test_args=
 set msi=
@@ -50,7 +50,7 @@ if /i "%1"=="x64"           set target_arch=x64&goto arg-ok
 if /i "%1"=="noprojgen"     set noprojgen=1&goto arg-ok
 if /i "%1"=="nobuild"       set nobuild=1&goto arg-ok
 if /i "%1"=="nosign"        set nosign=1&goto arg-ok
-if /i "%1"=="nosnapshot"    set nosnapshot=1&goto arg-ok
+if /i "%1"=="snapshot"      set snapshot=1&goto arg-ok
 if /i "%1"=="noetw"         set noetw=1&goto arg-ok
 if /i "%1"=="noperfctr"     set noperfctr=1&goto arg-ok
 if /i "%1"=="licensertf"    set licensertf=1&goto arg-ok
@@ -84,7 +84,7 @@ if defined upload goto upload
 if defined jslint goto jslint
 
 if defined build_release (
-  set nosnapshot=1
+  set snapshot=
   set config=Release
   set msi=1
   set licensertf=1
@@ -94,7 +94,7 @@ if defined build_release (
 
 if "%config%"=="Debug" set debug_arg=--debug
 if "%target_arch%"=="x64" set msiplatform=x64
-if defined nosnapshot set nosnapshot_arg=--without-snapshot
+if defined snapshot set snapshot_arg=--with-snapshot
 if defined noetw set noetw_arg=--without-etw& set noetw_msi_arg=/p:NoETW=1
 if defined noperfctr set noperfctr_arg=--without-perfctr& set noperfctr_msi_arg=/p:NoPerfCtr=1
 
@@ -151,7 +151,7 @@ goto exit
 if defined noprojgen goto msbuild
 
 @rem Generate the VS project.
-python configure %download_arg% %i18n_arg% %debug_arg% %nosnapshot_arg% %noetw_arg% %noperfctr_arg% --dest-cpu=%target_arch% --tag=%TAG%
+python configure %download_arg% %i18n_arg% %debug_arg% %snapshot_arg% %noetw_arg% %noperfctr_arg% --dest-cpu=%target_arch% --tag=%TAG%
 if errorlevel 1 goto create-msvs-files-failed
 if not exist node.sln goto create-msvs-files-failed
 echo Project files generated.