Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information #5095

pull maaku wants to merge 1 commits into bitcoin:master from maaku:rpcpassword-in-debug-log changing 4 files +12 −2
  1. maaku commented at 11:23 pm on October 16, 2014: contributor

    This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the ‘rpcpassword’ option configured, resulting in the “suggested” password being output to the debug log.

    Fixes #5094.

  2. in src/noui.cpp: in ea48502838 outdated 
    13@@ -14,6 +14,9 @@
14 
15 static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)
16 {
17+    bool fSecure = style & CClientUIInterface::SECURE;
18+    style ^= CClientUIInterface::SECURE;
    sipa commented at 11:44 pm on October 16, 2014:

    Sure you don’t mean:

    0style &= ~CClientUIInterface::SECURE

    here?

    maaku commented at 6:56 am on October 17, 2014:
    Whoops, yep. The first version had that line inside an if (fSecure) block. Fixing…
  3. laanwj commented at 6:31 am on October 17, 2014: member
    Looks like an acceptable solution to me (apart from sipa’s nit).
  4. Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log. d4746d56c0
  5. maaku force-pushed on Oct 17, 2014
  6. maaku commented at 6:52 pm on October 17, 2014: contributor
    Pushed an update last night fixing sipa’s correct nit.
  7. TheBlueMatt commented at 0:30 am on October 18, 2014: member 
     0-----BEGIN PGP SIGNED MESSAGE-----
 1Hash: SHA1
 2
 3Tested ACK commithash d4746d56c0c45b8721da36bc19b2bdaba5d7d094
 4-----BEGIN PGP SIGNATURE-----
 5Version: GnuPG v2
 6
 7iQIcBAEBAgAGBQJUQbR4AAoJEIm7uGY+LmXOhPEQAN/yAG2CrjWTcJqB+GDHeL4l
 8hncyJAVjpAasQFls0D9IxQP8vrb3bRy5m2JjU8npIKgrqJF0+785IZZFoGhw74d+
 9MofGkx9iFySg91y5VysmIARVAKuGiH6yK6udxSZvH7qU86u4CP/kRJe1qSO0NaMq
10zTLab+QdCgwH02qo2sBQtz3+IosRb/+QvqE1JnaxRTcQXOmtatZl4YtA/8Kqq3LX
11J6StzsiG+riMaXzm69OOX87Tp/AZa7git5QNxWhPSaHanq5T2sg7cQgOBEE/2cuY
12padjK8MfuRer9nDnmgYuHegmKm0MSygc9F2Vk7s1rPpyzUZBZrkXHkPoFeCwZNh9
13NsfMALYDRtfM6lZ8qhpn6KOIJPENscZj9WwMGsqdjyPcoqXPCW86Da//R7mDEg0n
14EBY4h/xZLM3f00mCr9MKnw35rkKHI++F5poOTpIsfHp9czcJRIoAWKD8x1abfVgK
15Inh0ewRXueaJls7xyWuVC3ZQzGmscrpvcntWpkSR/H8/P4pFQc83IbLtAzNRYTGs
16Hf7zakkk3CHse6mFOxqRChr7dennNsSuelfA/mswBnreFpLtaZd90EEvR8OMEj13
17rEKHvPim78IGObqhuzCOo7RvZMf6nk/9VedYrtzuNWBx4gTZmn6gaojwBWg+VwFX
18eE67k9MpQ7aXsshfTDQ5
19=ZIVM
20-----END PGP SIGNATURE-----
  8. laanwj merged this on Oct 20, 2014
  9. laanwj closed this on Oct 20, 2014
  10. laanwj referenced this in commit 64ffc995d6 on Oct 20, 2014
  11. laanwj commented at 9:37 am on October 20, 2014: member
    Tested ACK
  12. DrahtBot locked this on Sep 8, 2021


maaku sipa laanwj TheBlueMatt

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-05 19:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me