lockedpool: When possible, use madvise to avoid including sensitive information in core dumps
ClosedPublic
Actions

Authored by PiRK on Jan 12 2021, 10:18.

Details

Reviewers

deadalnix
Fabien

Group Reviewers

Restricted Project

Commits

rABCebb8bddb6c10: lockedpool: When possible, use madvise to avoid including sensitive information…

Summary

Issue bitcoin#16824

On a crash, bitcoin-qt may dump a core file that contains what was in memory at the time of the crash, for debugging purposes. The problem here is that bitcoin-qt stores the user's wallet.dat unencrypted in memory. With this information it becomes rather trivial to reconstruct parts of a user's wallet.dat from a .core dump alone.
You can find the wallets within the core file simply by grepping for known parts of a wallet.dat ex: xxd bitcoin-qt.core | grep "6231 0500" With this information you can find the offset of the wallet within the core file, and reconstruct it per a known wallet.dat's length. Upon reloading the extracted wallet into bitcoin-qt, you'll lose address book information - but balance is retained. This has been assigned CVE-2019-15947.

This is a backport of Core PR15600

Test Plan

ninja all check-all

Diff Detail

Repository

rABC Bitcoin ABC

Branch

pr15600

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 14714
Build 29387: Build Diff	lint-circular-dependencies · build-without-wallet · build-debug · build-clang · build-clang-tidy · build-diff
Build 29386: arc lint + arc unit