Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information #5095

pull maaku wants to merge 1 commits into bitcoin:master from maaku:rpcpassword-in-debug-log changing 4 files +12 −2
  1. maaku commented at 11:23 pm on October 16, 2014: contributor

    This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the ‘rpcpassword’ option configured, resulting in the “suggested” password being output to the debug log.

    Fixes #5094.

  2. in src/noui.cpp: in ea48502838 outdated
    13@@ -14,6 +14,9 @@
    14 
    15 static bool noui_ThreadSafeMessageBox(const std::string& message, const std::string& caption, unsigned int style)
    16 {
    17+    bool fSecure = style & CClientUIInterface::SECURE;
    18+    style ^= CClientUIInterface::SECURE;
    


    sipa commented at 11:44 pm on October 16, 2014:

    Sure you don’t mean:

    0style &= ~CClientUIInterface::SECURE
    

    here?


    maaku commented at 6:56 am on October 17, 2014:
    Whoops, yep. The first version had that line inside an if (fSecure) block. Fixing…
  3. laanwj commented at 6:31 am on October 17, 2014: member
    Looks like an acceptable solution to me (apart from sipa’s nit).
  4. Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log. d4746d56c0
  5. maaku force-pushed on Oct 17, 2014
  6. maaku commented at 6:52 pm on October 17, 2014: contributor
    Pushed an update last night fixing sipa’s correct nit.
  7. TheBlueMatt commented at 0:30 am on October 18, 2014: member
     0-----BEGIN PGP SIGNED MESSAGE-----
     1Hash: SHA1
     2
     3Tested ACK commithash d4746d56c0c45b8721da36bc19b2bdaba5d7d094
     4-----BEGIN PGP SIGNATURE-----
     5Version: GnuPG v2
     6
     7iQIcBAEBAgAGBQJUQbR4AAoJEIm7uGY+LmXOhPEQAN/yAG2CrjWTcJqB+GDHeL4l
     8hncyJAVjpAasQFls0D9IxQP8vrb3bRy5m2JjU8npIKgrqJF0+785IZZFoGhw74d+
     9MofGkx9iFySg91y5VysmIARVAKuGiH6yK6udxSZvH7qU86u4CP/kRJe1qSO0NaMq
    10zTLab+QdCgwH02qo2sBQtz3+IosRb/+QvqE1JnaxRTcQXOmtatZl4YtA/8Kqq3LX
    11J6StzsiG+riMaXzm69OOX87Tp/AZa7git5QNxWhPSaHanq5T2sg7cQgOBEE/2cuY
    12padjK8MfuRer9nDnmgYuHegmKm0MSygc9F2Vk7s1rPpyzUZBZrkXHkPoFeCwZNh9
    13NsfMALYDRtfM6lZ8qhpn6KOIJPENscZj9WwMGsqdjyPcoqXPCW86Da//R7mDEg0n
    14EBY4h/xZLM3f00mCr9MKnw35rkKHI++F5poOTpIsfHp9czcJRIoAWKD8x1abfVgK
    15Inh0ewRXueaJls7xyWuVC3ZQzGmscrpvcntWpkSR/H8/P4pFQc83IbLtAzNRYTGs
    16Hf7zakkk3CHse6mFOxqRChr7dennNsSuelfA/mswBnreFpLtaZd90EEvR8OMEj13
    17rEKHvPim78IGObqhuzCOo7RvZMf6nk/9VedYrtzuNWBx4gTZmn6gaojwBWg+VwFX
    18eE67k9MpQ7aXsshfTDQ5
    19=ZIVM
    20-----END PGP SIGNATURE-----
    
  8. laanwj merged this on Oct 20, 2014
  9. laanwj closed this on Oct 20, 2014

  10. laanwj referenced this in commit 64ffc995d6 on Oct 20, 2014
  11. laanwj commented at 9:37 am on October 20, 2014: member
    Tested ACK
  12. DrahtBot locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 06:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me