
lockedpool: When possible, use madvise to avoid including sensitive information…

Description

lockedpool: When possible, use madvise to avoid including sensitive information in core dumps

Summary:
Issue bitcoin#16824

On a crash, bitcoin-qt may dump a core file that contains what was in memory at the time of the crash, for debugging purposes. The problem here is that bitcoin-qt stores the user's wallet.dat unencrypted in memory. With this information it becomes rather trivial to reconstruct parts of a user's wallet.dat from a .core dump alone.
You can find the wallets within the core file simply by grepping for known parts of a wallet.dat, ex: xxd bitcoin-qt.core | grep "6231 0500". With this information you can find the offset of the wallet within the core file, and reconstruct it per a known wallet.dat's length. Upon reloading the extracted wallet into bitcoin-qt, you'll lose address book information - but balance is retained. This has been assigned CVE-2019-15947.

This is a backport of Core PR15600

Test Plan: ninja all check-all

Reviewers: #bitcoin_abc, deadalnix, Fabien

Reviewed By: #bitcoin_abc, deadalnix, Fabien

Subscribers: Fabien

Differential Revision: https://reviews.bitcoinabc.org/D8879
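
The mitigation named in the commit title, shown as an added example (not the lockedpool code from Bitcoin ABC or Bitcoin Core): a page-aligned region is locked against swapping and then marked with madvise so the kernel leaves it out of core dumps. The names secret_region, secret_alloc, secret_free and round_to_page are hypothetical; MADV_DONTDUMP is the Linux flag and MADV_NOCORE the FreeBSD one.

```c
#define _DEFAULT_SOURCE          /* exposes madvise() and MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
struct secret_region {           /* hypothetical helper type for this example */
    void  *base;     /* page-aligned mapping, NULL on failure */
    size_t len;      /* mapped length, a multiple of the page size */
    int    locked;   /* 1 if mlock() succeeded (region cannot be swapped out) */
    int    nodump;   /* 1 if the kernel agreed to omit it from core dumps */
};
/* madvise() operates on whole pages, so round the request up. */
static size_t round_to_page(size_t n, size_t page) {
    return (n + page - 1) / page * page;
}

static struct secret_region secret_alloc(size_t want) {
    struct secret_region r = {NULL, 0, 0, 0};
    size_t len = round_to_page(want, (size_t)sysconf(_SC_PAGESIZE));
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return r;
    r.base = p; r.len = len;
    /* Both calls are best effort: a low RLIMIT_MEMLOCK or an old kernel must not fail the allocation. */
    r.locked = (mlock(p, len) == 0);
#if defined(MADV_DONTDUMP)          /* Linux */
    r.nodump = (madvise(p, len, MADV_DONTDUMP) == 0);
#elif defined(MADV_NOCORE)          /* FreeBSD */
    r.nodump = (madvise(p, len, MADV_NOCORE) == 0);
#endif
    return r;
}

/* Wipe before unmapping; the volatile pointer keeps the stores from being elided. */
static int secret_free(struct secret_region *r) {
    volatile unsigned char *v = r->base;
    for (size_t i = 0; i < r->len; i++) v[i] = 0;
    int rc = munmap(r->base, r->len);   /* munmap also releases the lock */
    r->base = NULL;
    return rc;
}

int main(void) {
    struct secret_region r = secret_alloc(100);
    if (!r.base) return 1;
    memcpy(r.base, "constructed-key-material", 25);   /* constructed sample secret */
    printf("len=%zu locked=%d nodump=%d\n", r.len, r.locked, r.nodump);
    return secret_free(&r);
}
```

On Linux, a region marked this way carries the dd flag on the VmFlags line of its entry in /proc/<pid>/smaps, which gives a quick way to confirm the advice was applied.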

Details

Provenance
Luke Dashjr <luke-jr+git@utopios.org> Authored on Jan 12 2021, 14:17
PiRK Committed on Jan 12 2021, 14:23
abc-bot Pushed on Jan 12 2021, 14:23
Reviewer
Restricted Project
Differential Revision
D8879: lockedpool: When possible, use madvise to avoid including sensitive information in core dumps
Parents
rABCb1a28d9a77a6: test: Fix restart node race