Fixing issue #262 & #263, bad keyfile permissions. #262

Merged

fiatflux merged 12 commits from keyfile_perm_fix into master 2013-07-15 21:51:28 +02:00

Conversation 4 Commits 12 Files Changed 3 +79 -18

fiatflux commented 2013-06-26 14:39:13 +02:00 (Migrated from github.com)

Copy Link

This spits out a warning to the console, but ideally it would also
issue a warning to the GUI for those who didn't start it from the
console. N.B. the warning is a one shot thing, since it fixes the
problem in a way essentially undetectable in the future, so it
should be done right if it is to be done at all.

Maybe we should even disable all keys automatically if the keyfile
is found in an insecure state.

This spits out a warning to the console, but ideally it would also issue a warning to the GUI for those who didn't start it from the console. N.B. the warning is a one shot thing, since it fixes the problem in a way essentially undetectable in the future, so it should be done right if it is to be done at all. Maybe we should even disable all keys automatically if the keyfile is found in an insecure state.

Atheros1 commented 2013-06-26 20:14:10 +02:00 (Migrated from github.com)

Copy Link

I will be able to test this more extensively Thursday and I would expect to merge it then.
Thank you

I will be able to test this more extensively Thursday and I would expect to merge it then. Thank you

fiatflux commented 2013-06-26 22:34:02 +02:00 (Migrated from github.com)

Copy Link

@Atheros1, I'm really thinking this should disable all keys before it gets merged with master. It's early in the lifetime of the project so nobody should be using this for highly sensitive communication yet, and manually enabling keys people don't consider sensitive or compromised is a pain, but I think it's worth sticking to paranoid practices from the beginning.

@Atheros1, I'm really thinking this should disable all keys before it gets merged with master. It's early in the lifetime of the project so nobody should be using this for highly sensitive communication yet, and manually enabling keys people don't consider sensitive or compromised is a pain, but I think it's worth sticking to paranoid practices from the beginning.

Atheros1 commented 2013-07-05 23:43:34 +02:00 (Migrated from github.com)

Copy Link

I've tested a compiled EXE on Windows and found no problems although looking at the code, it looks like it doesn't do anything special in Windows, does it?

@fiatflux Obviously it is good to be paranoid about security but we can't disable people's addresses without telling them and letting them re-enable them. This will cause people to miss messages (until they are retransmitted). But it isn't just that almost no one will notice that they need to re-enable them, it is that of those who find out, no one won't re-enable their addresses which means that it will have provided no attack mitigation in the first place.

I've tested a compiled EXE on Windows and found no problems although looking at the code, it looks like it doesn't do anything special in Windows, does it? @fiatflux Obviously it is good to be paranoid about security but we can't disable people's addresses without telling them and letting them re-enable them. This will cause people to miss messages (until they are retransmitted). But it isn't just that almost no one will notice that they need to re-enable them, it is that of those who find out, no one _won't_ re-enable their addresses which means that it will have provided no attack mitigation in the first place.

fiatflux commented 2013-07-10 21:53:36 +02:00 (Migrated from github.com)

Copy Link

Sorry for the delay. I'm back to having a bit of free time and network access.

Indeed, the important bits of this don't touch Windows.

I suppose you're right about how the users would react to this. The poses the question, though: what is the right way to revoke keys? (For future consideration.)

I have updated this branch to reflect your input. FYI, I don't want to redo logging here so this branch now contains commits from fiatflux:no_propagate_loggers, which has its own pull request.

Sorry for the delay. I'm back to having a bit of free time and network access. Indeed, the important bits of this don't touch Windows. I suppose you're right about how the users would react to this. The poses the question, though: what is the right way to revoke keys? (For future consideration.) I have updated this branch to reflect your input. FYI, I don't want to redo logging here so this branch now contains commits from fiatflux:no_propagate_loggers, which has its own pull request.

This repo is archived. You cannot comment on pull requests.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working as it's supposed to

  

build

Related to building or build system

  

dependencies

Pull requests that update a dependency file

  

developers

The issue is relevant mainly for developers rather than users

  

documentation

  

duplicate

  

enhancement

New feature

  

formatting

Code or UI text formatting

  

invalid

  

legal

  

mobile

Frontend for mobile devices (kivy)

  

obsolete

  

packaging

  

performance

  

protocol

Protocol change

  

question

  

refactoring

  

regression

Some issue, fixed in the past, appears again

  

security

  

test

  

translation

  

usability

  

wontfix

No Label

bug

build

dependencies

developers

documentation

duplicate

enhancement

formatting

invalid

legal

mobile

obsolete

packaging

performance

protocol

question

refactoring

regression

security

test

translation

usability

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-12-01#262

No description provided.