* [bitcoin-dev] Nuke *notify options from Bitcoin Core
@ 2022-01-01 21:03 Prayank
2022-01-01 22:57 ` Daniel Edgecumbe
0 siblings, 1 reply; 3+ messages in thread
From: Prayank @ 2022-01-01 21:03 UTC (permalink / raw)
To: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 2015 bytes --]
Hello World,
What?
Remove all *notify options from Bitcoin Core (full node implementation used by 99% nodes)
Or one of the below:
notifications.dat
not use system() in runCommand()
Use a new setting in settings.json file, notifypolicy which is 0 by default (restricted) and can be set to 1 (unrestricted)
Why?
They can help attackers in doing almost anything on machines running Bitcoin Core with some social engineering.
How?
Everything is explained several times in different issues, PRs etc. to different people including few reviewers who even NACKed a PR that would help in adding such options but with some documentation. I won't comment much about the reviewers but some of them were clueless about issue and how things work.
Example: Calling something misleading and ludicrous when you don't even know what works in Windows shortcut and could not share one example of financial application https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-1003496126
TL;DR
https://github.com/bitcoin/bitcoin/pull/23395#issuecomment-956353035
https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-970480769
To be honest, neither I have energy left to highlight the importance of these issues nor most of the people look interested in this space to address it. This email is a part of my efforts to share things with everyone which I even tried with documentation. There is something seriously wrong if few people including maintainers acknowledge the issues with *notify options but nobody wants to fix it or document it, I will leave it for people to form their own opinions about it.
Last but not least I was even asked to not review and comment in https://github.com/bitcoin/bitcoin/pull/23395 when I was just responding to others.
This will be helpful in my security project which was already shared in mailing list to highlight what users expect from developers and future of money, review process etc. and what is the ground reality.
Happy New Year
--
Prayank
A3B1 E430 2298 178F
[-- Attachment #2: Type: text/html, Size: 3092 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [bitcoin-dev] Nuke *notify options from Bitcoin Core
2022-01-01 21:03 [bitcoin-dev] Nuke *notify options from Bitcoin Core Prayank
@ 2022-01-01 22:57 ` Daniel Edgecumbe
0 siblings, 0 replies; 3+ messages in thread
From: Daniel Edgecumbe @ 2022-01-01 22:57 UTC (permalink / raw)
To: M.K. Safi via bitcoin-dev
I've looked at these PR's and they seem, frankly, bizarre.
You've essentially noticed that if an attacker can run commands on your system, they can run commands on your system.
If you can convince someone to run arbitrary commands, which is what a desktop shortcut or a command argument _is_ at a fundamental level, you own their system. I fail to see how this has anything to do with Core at all.
Daniel Edgecumbe | esotericnonsense
email@esotericnonsense•com | https://esotericnonsense.com
On Sat, Jan 1, 2022, at 21:03, Prayank via bitcoin-dev wrote:
> Hello World,
>
> What?
>
> Remove all *notify options from Bitcoin Core (full node implementation
> used by 99% nodes)
>
> Or one of the below:
>
> notifications.dat
> not use system() in runCommand()
> Use a new setting in settings.json file, notifypolicy which is 0 by
> default (restricted) and can be set to 1 (unrestricted)
>
> Why?
>
> They can help attackers in doing almost anything on machines running
> Bitcoin Core with some social engineering.
>
> How?
>
> Everything is explained several times in different issues, PRs etc. to
> different people including few reviewers who even NACKed a PR that
> would help in adding such options but with some documentation. I won't
> comment much about the reviewers but some of them were clueless about
> issue and how things work.
>
> Example: Calling something misleading and ludicrous when you don't even
> know what works in Windows shortcut and could not share one example of
> financial application
> https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-1003496126
>
> TL;DR
>
> https://github.com/bitcoin/bitcoin/pull/23395#issuecomment-956353035
>
> https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-970480769
>
> To be honest, neither I have energy left to highlight the importance of
> these issues nor most of the people look interested in this space to
> address it. This email is a part of my efforts to share things with
> everyone which I even tried with documentation. There is something
> seriously wrong if few people including maintainers acknowledge the
> issues with *notify options but nobody wants to fix it or document it,
> I will leave it for people to form their own opinions about it.
>
> Last but not least I was even asked to not review and comment in
> https://github.com/bitcoin/bitcoin/pull/23395 when I was just
> responding to others.
>
> This will be helpful in my security project which was already shared in
> mailing list to highlight what users expect from developers and future
> of money, review process etc. and what is the ground reality.
>
> Happy New Year
>
> --
> Prayank
>
> A3B1 E430 2298 178F
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [bitcoin-dev] Nuke *notify options from Bitcoin Core
@ 2022-01-01 23:29 Prayank
0 siblings, 0 replies; 3+ messages in thread
From: Prayank @ 2022-01-01 23:29 UTC (permalink / raw)
To: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 612 bytes --]
Hi Daniel,
Not sure which PRs are you talking about, maybe you missed these points based on your understanding:
Lot of fancy things won't work in windows shortcut target
It is more suspicious even if you try, compared to something wrapped in *notify options provided by bitcoin core
This will not provide me option to run a command based on events like received transaction in wallet
*notify options provide some options that every malware is looking for
There is enough time to research more about the issue and respond with something new or that helps in documentation.
--
Prayank
A3B1 E430 2298 178F
[-- Attachment #2: Type: text/html, Size: 1139 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-01 23:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-01 21:03 [bitcoin-dev] Nuke *notify options from Bitcoin Core Prayank
2022-01-01 22:57 ` Daniel Edgecumbe
2022-01-01 23:29 Prayank
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox