
lockedpool: When possible, use madvise to avoid including sensitive information in core dumps

Authored by PiRK on Tue, Jan 12, 10:18.



Issue bitcoin#16824

On a crash, bitcoin-qt may dump a core file that contains what was in memory at the time of the crash, for debugging purposes. The problem here is that bitcoin-qt stores the user's wallet.dat unencrypted in memory. With this information it becomes rather trivial to reconstruct parts of a user's wallet.dat from a .core dump alone.
You can find the wallets within the core file simply by grepping for known parts of a wallet.dat, e.g.:

xxd bitcoin-qt.core | grep "6231 0500"

With this information you can find the offset of the wallet within the core file, and reconstruct it per a known wallet.dat's length. Upon reloading the extracted wallet into bitcoin-qt, you'll lose address book information - but balance is retained. This has been assigned CVE-2019-15947.

This is a backport of Core PR15600

Test Plan

ninja all check-all
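
An added example, not code from this revision or from Bitcoin ABC or Bitcoin Core: one way to allocate a page-rounded region for secrets, lock it against swapping, and ask the kernel to leave it out of core dumps where the platform offers such advice. The names secret_region, secret_alloc and secret_free are hypothetical; MADV_DONTDUMP is the Linux advice value and MADV_NOCORE the FreeBSD one.

```c
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS and MADV_* on glibc */
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Pick the platform's "omit from core dumps" advice, if it has one. */
#if defined(MADV_DONTDUMP)
#define DUMP_ADVICE MADV_DONTDUMP   /* Linux */
#elif defined(MADV_NOCORE)
#define DUMP_ADVICE MADV_NOCORE     /* FreeBSD */
#endif

/* Hypothetical type for this example. */
struct secret_region {
    void  *addr;          /* NULL if allocation failed */
    size_t len;           /* request rounded up to whole pages */
    int    locked;        /* 1 if mlock() succeeded (pages stay out of swap) */
    int    dump_excluded; /* 1 if the kernel accepted the dump advice */
};

struct secret_region secret_alloc(size_t want)
{
    struct secret_region r = { NULL, 0, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (want == 0 || want > (size_t)-1 - page) return r;
    size_t len = (want + page - 1) / page * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return r;
    r.addr = p;
    r.len = len;
    /* mlock can fail under a low RLIMIT_MEMLOCK: record it, do not abort. */
    r.locked = (mlock(p, len) == 0);
#ifdef DUMP_ADVICE
    /* Advice applies to whole pages, hence the dedicated mapping. */
    r.dump_excluded = (madvise(p, len, DUMP_ADVICE) == 0);
#endif
    return r;
}

int secret_free(struct secret_region *r)
{
    if (r->addr == NULL) return -1;
    memset(r->addr, 0, r->len);        /* wipe before returning the pages */
    int rc = munmap(r->addr, r->len);  /* unmapping also drops the lock */
    r->addr = NULL;
    return rc;
}
```

Callers should check dump_excluded and locked rather than assume them: on a platform without either advice value the region is still allocated, but its contents can appear in a core file.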

Diff Detail

rABC Bitcoin ABC
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

PiRK requested review of this revision. Tue, Jan 12, 10:18

@bot gitian-linux gitian-osx gitian-win

This revision is now accepted and ready to land. Tue, Jan 12, 10:58