Bitmessage/PyBitmessage-2025-02-27
Archived
2
0
Fork 0
Code Issues 167 Pull Requests 56 Actions Packages Projects Releases 5 Wiki Activity

Don't create keyfile with insecure permissions #263

New Issue
Closed
opened 2013-06-26 14:49:29 +02:00 by fiatflux · 2 comments
fiatflux commented 2013-06-26 14:49:29 +02:00 (Migrated from github.com)
Copy Link

Issue #258 is similar, but slightly different.

Even with the fix from pull/#262, there is a (milder) vulnerability: on some systems a malicious process can get a file handle during the short time that keys.dat remains in a readable state. If the user creates a key while the malicious process has a valid handle, the malware can read the key. Even after permissions change!

The fix is to ensure the keys.dat file is never readable except by the owner. On posix systems this should be a simple os.umask(0o077) before any file creation. But I don't know how to do this in a platform-independent way, and I have very little time for a few weeks.

Issue #258 is similar, but slightly different. Even with the fix from pull/#262, there is a (milder) vulnerability: on some systems a malicious process can get a file handle during the short time that keys.dat remains in a readable state. If the user creates a key while the malicious process has a valid handle, the malware can read the key. Even after permissions change! The fix is to ensure the keys.dat file is never readable except by the owner. On posix systems this should be a simple os.umask(0o077) before any file creation. But I don't know how to do this in a platform-independent way, and I have very little time for a few weeks.
DivineOmega commented 2013-06-26 17:43:13 +02:00 (Migrated from github.com)
Copy Link

According to the Python manual os.umask is available in Windows and Linux. Although I can not vouch for exactly what it does in Windows as obviously the filesystem security model in Windows is somewhat different.

http://docs.python.org/2/library/os.html#os.umask

According to the Python manual os.umask is available in Windows and Linux. Although I can not vouch for exactly what it does in Windows as obviously the filesystem security model in Windows is somewhat different. http://docs.python.org/2/library/os.html#os.umask
fiatflux commented 2013-06-26 18:14:42 +02:00 (Migrated from github.com)
Copy Link

Ack, likewise on the uncertainty about the Windows security model, so I'd
love for someone more familiar to chime in!

Ack, likewise on the uncertainty about the Windows security model, so I'd love for someone more familiar to chime in!
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working as it's supposed to
build
Related to building or build system
dependencies
Pull requests that update a dependency file
developers
The issue is relevant mainly for developers rather than users
documentation
duplicate
enhancement
New feature
formatting
Code or UI text formatting
invalid
legal
mobile
Frontend for mobile devices (kivy)
obsolete
packaging
performance
protocol
Protocol change
question
refactoring
regression
Some issue, fixed in the past, appears again
security
test
translation
usability
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
PeterSurda
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2025-02-27#263
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?