Don't create keyfile with insecure permissions #263
Labels
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
No Milestone
No project
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Bitmessage/PyBitmessage-2024-12-19#263
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Issue #258 is similar, but slightly different.
Even with the fix from pull/#262, there is a (milder) vulnerability: on some systems a malicious process can get a file handle during the short time that keys.dat remains in a readable state. If the user creates a key while the malicious process has a valid handle, the malware can read the key. Even after permissions change!
The fix is to ensure the keys.dat file is never readable except by the owner. On posix systems this should be a simple os.umask(0o077) before any file creation. But I don't know how to do this in a platform-independent way, and I have very little time for a few weeks.
According to the Python manual os.umask is available in Windows and Linux. Although I can not vouch for exactly what it does in Windows as obviously the filesystem security model in Windows is somewhat different.
http://docs.python.org/2/library/os.html#os.umask
Ack, likewise on the uncertainty about the Windows security model, so I'd
love for someone more familiar to chime in!