Add mitigation for disk fill via logging attacks #21559

practicalswift opened this issue on March 31, 2021
  1. practicalswift commented at 10:22 am on March 31, 2021: contributor

    Short version:

    It would be nice if we could render “disk fill via logging” vulnerabilities unexploitable by introducing a mitigation like the one suggested in the “up for grabs” PR #19995. That PR was Concept ACK:ed by @naumenkogs, @laanwj and @jnewbery, but unfortunately closed due to lack of time. Volunteers welcome!


    Long version:

    A disk fill attack is an attack where an untrusted party (such as a peer) is able to cheaply make your node log to disk excessively. The excessive logging may fill your disk and thus make your node crash either cleanly (best case: if disk fill rate is relatively slow) or uncleanly (worst case: if disk fill rate is relatively fast).

    It is easy to accidentally introduce a disk fill vulnerability: all it takes is a LogPrintf in a code path which is easily and cheaply triggered by a remote attacker.

    It would be nice if we could kill this vulnerability bug class by introducing a general mitigation mechanism which would remove the ability to exploit such a misplaced LogPrintf. (Our first line of defence would obviously be to never misplace a LogPrintf, but realistically logging mistakes happen and that’s where mitigations kick in as a second line of defence.)

    One possible mitigation was suggested in PR #19995 which received Concept ACKs from @naumenkogs, @laanwj and @jnewbery. The reviewers came up with some good ideas for improvements which need to be implemented. Unfortunately I don’t have time to implement those changes myself, but if someone is looking for “up for grabs” PRs then #19995 would be a very good choice. It is seldom one gets the chance to kill an entire vulnerability bug class :) I’d be glad to review and help out.

    The solution suggested in the referenced PR is one of many possible solutions, but regardless of which solution we choose I think we need some disk fill attack mitigation to kill this bug class once and for all :)

  2. practicalswift added the label Feature on Mar 31, 2021
  3. fanquake added the label Utils/log/libs on Mar 31, 2021
  4. practicalswift closed this on Oct 29, 2021

  5. DrahtBot locked this on Oct 30, 2022
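
As an added example (not part of the issue, and not the code from PR #19995 or Bitcoin Core), here is one possible shape for the kind of mitigation the issue asks for: a byte budget per logging call site and time window, so that a remotely triggerable log line can only write a bounded amount to disk. The class, the budget policy, and the sample call site and message are all assumptions made for illustration.

```cpp
#include <chrono>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Added illustration; every name here is hypothetical, not Bitcoin Core code.
using Clock = std::chrono::steady_clock;

class RateLimitedLog {
public:
    RateLimitedLog(uint64_t max_bytes, std::chrono::seconds window)
        : m_max_bytes(max_bytes), m_window(window) {}
    // `site` identifies the logging call site, so one noisy code path cannot
    // starve the others. `now` is a parameter to keep the logic testable.
    // Returns true if `msg` was written, false if it was suppressed.
    bool Log(const std::string& site, const std::string& msg, Clock::time_point now) {
        auto it = m_budgets.find(site);
        if (it == m_budgets.end()) it = m_budgets.emplace(site, Budget{now, 0, 0}).first;
        Budget& b = it->second;
        if (now - b.start >= m_window) {
            // New window: leave one summary line for the operator, then reset.
            if (b.suppressed > 0)
                m_sink.push_back("[" + site + "] suppressed " + std::to_string(b.suppressed) + " messages\n");
            b = Budget{now, 0, 0};
        }
        if (b.bytes + msg.size() > m_max_bytes) { ++b.suppressed; return false; }
        b.bytes += msg.size();
        m_sink.push_back(msg);
        return true;
    }
    const std::vector<std::string>& Sink() const { return m_sink; }
private:
    struct Budget { Clock::time_point start; uint64_t bytes; uint64_t suppressed; };
    uint64_t m_max_bytes;
    std::chrono::seconds m_window;
    std::map<std::string, Budget> m_budgets;  // bounded by the number of call sites
    std::vector<std::string> m_sink;          // stands in for the log file on disk
};

// Constructed scenario: a peer triggers the same log line n times in one window.
uint64_t BytesWrittenUnderFlood(uint64_t budget, int n) {
    RateLimitedLog logger(budget, std::chrono::seconds(3600));
    const Clock::time_point t0{};
    for (int i = 0; i < n; ++i) logger.Log("example.cpp:42", "peer=7 sent invalid message\n", t0);
    uint64_t total = 0;
    for (const auto& line : logger.Sink()) total += line.size();
    return total;
}
```

With this policy the worst-case disk growth per call site is the byte budget plus one summary line per window, regardless of how often the peer triggers the log statement.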

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 18:12 UTC
