1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
Return-Path: <email@esotericnonsense.com>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 09ED0C001E
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 23:05:53 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id CB40560D90
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 23:05:52 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.8
X-Spam-Level:
X-Spam-Status: No, score=-2.8 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: smtp3.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=esotericnonsense.com
header.b="qbvtWkHX"; dkim=pass (2048-bit key)
header.d=messagingengine.com header.b="Zr2q2s6p"
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id pmDxbcJnSelh
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 23:05:51 +0000 (UTC)
X-Greylist: delayed 00:07:27 by SQLgrey-1.8.0
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com
[66.111.4.25])
by smtp3.osuosl.org (Postfix) with ESMTPS id D6C6460D7B
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 23:05:51 +0000 (UTC)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by mailout.nyi.internal (Postfix) with ESMTP id 8D8595C00CB
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 17:58:19 -0500 (EST)
Received: from imap45 ([10.202.2.95])
by compute1.internal (MEProxy); Sat, 01 Jan 2022 17:58:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
esotericnonsense.com; h=mime-version:message-id:in-reply-to
:references:date:from:to:subject:content-type; s=fm2; bh=2Fg0Av3
1PRzNaAT42Nc2jDFu+lVqNGosSWsZrCV0eZQ=; b=qbvtWkHXIi/mtERPatABS7Z
K9Kz6j+vBZqzk5LUPb3d00LU9qTrSrC4YKGz4XvXTo3wEoZwNd1reOcKdgx7KsG5
FzXFHu1pOSP4SSjH47OaJaDeK3SypGkiK8bTgltnAWZ8+WvY7emSmp7EllJAj7EC
vn+Lz9/aqoWhsW8wZD+p2zUyIyJSWyKHJtctv09txIKFvMPv1kEXrc3MLsw5/VY1
gWlavz5CkIYae93cKSHjeBt9mzI2AxziBt8m4hFCE5py7apqMCqyD2HEd8LFCNuP
xvwZE/KGbna9H9+rapUQYAGc02l+NsmKQTYlLtrms2t++B2ZuVaABd341SGA5bQ=
=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=2Fg0Av
31PRzNaAT42Nc2jDFu+lVqNGosSWsZrCV0eZQ=; b=Zr2q2s6pN3hgrbEGZozB1q
ghle0wn/3OGHXgXeu1mGdBHhwiYPoZP/vkdFIUoEU68Y5KTPARMdx5jgl8Q1eUsQ
Z361zi7yfcO/YlvmE5mL+3HLImHP3FKvJd5yt3ioawlkBR0CC/doJaj/eRzvo1HM
e2tJq8j5ueAtDuS7dATkFsR9/w+2CMDKeVfNjNxAgNEzZ9razv8w+bS28Pc4hwQb
DX2klQlRIIynj9LlM3mWjL/PWGXHI/dcUkQrFLiPOpR7GSBRCnWJuLehq2IQ+ER2
A7zZG0ZEpv/KbG9eqA/5sUJR6HPZyVZWwDjOiKSLJ93lIWiPffIREHunteuSzlYg
==
X-ME-Sender: <xms:i9zQYZqNMtXGSWdEXFCuaTx5eftG3gv3DPdYV2JXvps18Lu6QHbkHA>
<xme:i9zQYbrCrI-BKmRRDgt1V9Eop7f2Rg3eZ7MKmghkBHpOzB_lUCAmR-pnbisgSuMBw
2_p7KBAs6vi3-8hYA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddruddvkedgtdegucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdffrghn
ihgvlhcugfgughgvtghumhgsvgdfuceovghmrghilhesvghsohhtvghrihgtnhhonhhsvg
hnshgvrdgtohhmqeenucggtffrrghtthgvrhhnpeelkeeklefgleeufeeltdefteejtdeu
gedtkefgveetleejffeiuefgheetleeigfenucffohhmrghinhepvghsohhtvghrihgtnh
honhhsvghnshgvrdgtohhmpdhgihhthhhusgdrtghomhdplhhinhhugihfohhunhgurght
ihhonhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh
hrohhmpegvmhgrihhlsegvshhothgvrhhitghnohhnshgvnhhsvgdrtghomh
X-ME-Proxy: <xmx:i9zQYWNdWioBzJo6dqTaFEhqDqrAWvneptJWkvKgQM_7m_c9GRgwiw>
<xmx:i9zQYU4hiG5ZAp_kJlp5_9JBVXqQVYWjpWrymny6KKqYaYTT1oGpRg>
<xmx:i9zQYY4GDvIcit9KimB5f-UVy3nmn8po3W6IwvsTPI36s6oCZAkT7Q>
<xmx:i9zQYaFRCYt4nx41r1z6MxtM6LLb5WEZOULk4cg1SECcdfZM2qlwIg>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id 4781A24A0074; Sat, 1 Jan 2022 17:58:19 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4525-g8883000b21-fm-20211221.001-g8883000b
Mime-Version: 1.0
Message-Id: <6bc18fea-e5f4-4136-928f-019ac44bf390@www.fastmail.com>
In-Reply-To: <MsMS0F9--3-2@tutanota.de>
References: <MsMS0F9--3-2@tutanota.de>
Date: Sat, 01 Jan 2022 22:57:57 +0000
From: "Daniel Edgecumbe" <email@esotericnonsense.com>
To: "M.K. Safi via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain
X-Mailman-Approved-At: Sat, 01 Jan 2022 23:13:15 +0000
Subject: Re: [bitcoin-dev] Nuke *notify options from Bitcoin Core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Jan 2022 23:05:53 -0000
I've looked at these PR's and they seem, frankly, bizarre.
You've essentially noticed that if an attacker can run commands on your system, they can run commands on your system.
If you can convince someone to run arbitrary commands, which is what a desktop shortcut or a command argument _is_ at a fundamental level, you own their system. I fail to see how this has anything to do with Core at all.
Daniel Edgecumbe | esotericnonsense
email@esotericnonsense.com | https://esotericnonsense.com
On Sat, Jan 1, 2022, at 21:03, Prayank via bitcoin-dev wrote:
> Hello World,
>
> What?
>
> Remove all *notify options from Bitcoin Core (full node implementation
> used by 99% nodes)
>
> Or one of the below:
>
> notifications.dat
> not use system() in runCommand()
> Use a new setting in settings.json file, notifypolicy which is 0 by
> default (restricted) and can be set to 1 (unrestricted)
>
> Why?
>
> They can help attackers in doing almost anything on machines running
> Bitcoin Core with some social engineering.
>
> How?
>
> Everything is explained several times in different issues, PRs etc. to
> different people including few reviewers who even NACKed a PR that
> would help in adding such options but with some documentation. I won't
> comment much about the reviewers but some of them were clueless about
> issue and how things work.
>
> Example: Calling something misleading and ludicrous when you don't even
> know what works in Windows shortcut and could not share one example of
> financial application
> https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-1003496126
>
> TL;DR
>
> https://github.com/bitcoin/bitcoin/pull/23395#issuecomment-956353035
>
> https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-970480769
>
> To be honest, neither I have energy left to highlight the importance of
> these issues nor most of the people look interested in this space to
> address it. This email is a part of my efforts to share things with
> everyone which I even tried with documentation. There is something
> seriously wrong if few people including maintainers acknowledge the
> issues with *notify options but nobody wants to fix it or document it,
> I will leave it for people to form their own opinions about it.
>
> Last but not least I was even asked to not review and comment in
> https://github.com/bitcoin/bitcoin/pull/23395 when I was just
> responding to others.
>
> This will be helpful in my security project which was already shared in
> mailing list to highlight what users expect from developers and future
> of money, review process etc. and what is the ground reality.
>
> Happy New Year
>
> --
> Prayank
>
> A3B1 E430 2298 178F
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
|