Tighten permissions of ~/.bitcoin/ to prevent unauthorized access #2430

pull da2x wants to merge 1 commits into bitcoin:master from da2x:patch-1 changing 1 files +8 −0
  1. da2x commented at 1:11 AM on March 31, 2013: contributor

    boost::filesystem::create_directory() defaults to allow all users full access to the Bitcoin DataDir. This directory should only be accessible to the owner to limit unauthorized access.

    A future version can use boost::filesystem::permissions() (v1.49+) instead of dealing with the lower level chmod directly.

  2. BitcoinPullTester commented at 4:17 AM on March 31, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/ae30da5a08fa08ba926ee4a1fef48fcbbf1fe4bc for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  3. laanwj commented at 5:14 AM on March 31, 2013: member

    I think this may be useful addition. Can you squash into one commit?

  4. DataDir should only be accessible to it’s owner
    boost::filesystem::create_directory() defaults to allow all users
full access to the Bitcoin DataDir. This directory should only be
accessible to the owner to limit unauthorized access.

A future version can use boost::filesystem::permissions() (v1.49+)
instead of dealing with the lower level chmod directly.
    b05e909d08
  5. da2x commented at 12:20 PM on March 31, 2013: contributor

    Of course, @laanwj. I’ve done so now.

  6. rebroad commented at 1:22 AM on April 1, 2013: contributor

    Isn't it better to use umask first so that it's created with the correct permissions from the start, rather than creating it with the wrong permissions and then chmodding it (as this pull currently does)?

  7. da2x commented at 9:28 AM on April 1, 2013: contributor

    @rebroad the patch continues to use Boost for creating the directory cross-platform. What is added is for Unix systems to set the permissions more restrictive after creating the patch. This should also upgrade permissions for existing users, where as doing a new mkdir will not.

  8. Diapolo commented at 11:51 AM on April 1, 2013: none

    You mention boost::filesystem::permissions() why not include code with #if BOOST_VERSION >= 104900?

  9. laanwj commented at 2:42 PM on April 1, 2013: member

    @rebroad This is strange. We are setting the umask (in init.cpp). Also my .bitcoin filter has the right permissions even without this patch. @Aeyoun Are you sure it manages to create the directory with wrong permissions? Can you reproduce this?

  10. BitcoinPullTester commented at 2:15 AM on April 3, 2013: none

    Automatic sanity-testing: FAILED BUILD/TEST, see http://jenkins.bluematt.me/pull-tester/b05e909d089c842cc155a60da3fdf3609abaca5c for binaries and test log.

    This could happen for one of several reasons:

    1. It chanages paths in makefile.linux-mingw or otherwise changes build scripts in a way that made them incompatible with the automated testing scripts (you can find the patches applied at test-time at http://jenkins.bluematt.me/pull-tester/files/patches/)
    2. It adds/modifies tests which test network rules (thanks for doing that), which conflicts with a patch applied at test time
    3. It does not build on either Linux i386 or Win32 (via MinGW cross compile)
    4. The test suite fails on either Linux i386 or Win32
    5. The block test-cases failed (lookup the first bNN identifier which failed in https://github.com/TheBlueMatt/test-scripts/blob/master/FullBlockTestGenerator.java)

    If you believe this to be in error, please ping BlueMatt on freenode or TheBlueMatt here.

    This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  11. laanwj commented at 3:26 PM on April 8, 2013: member

    So is there any reason why we would need this? Why would the umask call not be enough?

  12. gavinandresen commented at 3:38 PM on April 8, 2013: contributor

    Closing this, because init.cpp already sets: umask(077);

  13. gavinandresen closed this on Apr 8, 2013
  14. DrahtBot locked this on Sep 8, 2021
Contributors
da2xBitcoinPullTesterlaanwjrebroadDiapologavinandresen
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 21:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me