1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
Return-Path: <prayank@tutanota.de>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 843B1C001E
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 21:03:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 686E940184
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 21:03:15 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -0.699
X-Spam-Level:
X-Spam-Status: No, score=-0.699 tagged_above=-999 required=5
tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: smtp2.osuosl.org (amavisd-new);
dkim=pass (2048-bit key) header.d=tutanota.de
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id z2Bqa1aUTKNA
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 21:03:14 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162])
by smtp2.osuosl.org (Postfix) with ESMTPS id B936240131
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 21:03:13 +0000 (UTC)
Received: from w3.tutanota.de (unknown [192.168.1.164])
by w1.tutanota.de (Postfix) with ESMTP id 50F3CFBF5A3
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 1 Jan 2022 21:03:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1641070991;
s=s1; d=tutanota.de;
h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender;
bh=khAGczHwIkNwRfhLmyCjPEbBxtxjmNHD5ws2gCtfZ4U=;
b=wmpvi7O3znqDxnnylzHaVL0P8Juq3DfzgjrJQH0Ch2JbxR3oOGu90spKubV0vPVI
oMrBGKgilioJHlmn1p+lhl5Yc6GjM16gIyg+p4ncsbMvgKvr9pK1bKrhSIpAJ7z3bc4
4ol630imUjUsL9rcETySiqfzwLQ3X59FHHQ1NpjKsSmtTF4hvt3wfBuOLsQrmXZRAS0
hGgp8pysRJqpRfyYQCDTPar8q9L8npOUiQW4bSdUJIu0LP51xXtq82ZIEnl7aqMFo3p
kB6U6Xoc9RQJ+oVZJIbgAwWeKyMbkC5CURJlYLd8tFE4LSsNjdvh2bgsSq4pKnXZ2Ft
KJNralDcFg==
Date: Sat, 1 Jan 2022 22:03:11 +0100 (CET)
From: Prayank <prayank@tutanota.de>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <MsMS0F9--3-2@tutanota.de>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_476048_1592426282.1641070991314"
X-Mailman-Approved-At: Sat, 01 Jan 2022 22:39:59 +0000
Subject: [bitcoin-dev] Nuke *notify options from Bitcoin Core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Jan 2022 21:03:15 -0000
------=_Part_476048_1592426282.1641070991314
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Hello World,
What?
Remove all *notify options from Bitcoin Core (full node implementation used by 99% nodes)
Or one of the below:
notifications.dat
not use system() in runCommand()
Use a new setting in settings.json file, notifypolicy which is 0 by default (restricted) and can be set to 1 (unrestricted)
Why?
They can help attackers in doing almost anything on machines running Bitcoin Core with some social engineering.
How?
Everything is explained several times in different issues, PRs etc. to different people including few reviewers who even NACKed a PR that would help in adding such options but with some documentation. I won't comment much about the reviewers but some of them were clueless about issue and how things work.
Example: Calling something misleading and ludicrous when you don't even know what works in Windows shortcut and could not share one example of financial application https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-1003496126
TL;DR
https://github.com/bitcoin/bitcoin/pull/23395#issuecomment-956353035
https://github.com/bitcoin/bitcoin/issues/23412#issuecomment-970480769
To be honest, neither I have energy left to highlight the importance of these issues nor most of the people look interested in this space to address it. This email is a part of my efforts to share things with everyone which I even tried with documentation. There is something seriously wrong if few people including maintainers acknowledge the issues with *notify options but nobody wants to fix it or document it, I will leave it for people to form their own opinions about it.
Last but not least I was even asked to not review and comment in https://github.com/bitcoin/bitcoin/pull/23395 when I was just responding to others.
This will be helpful in my security project which was already shared in mailing list to highlight what users expect from developers and future of money, review process etc. and what is the ground reality.
Happy New Year
--
Prayank
A3B1 E430 2298 178F
------=_Part_476048_1592426282.1641070991314
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF-8=
">
</head>
<body>
<div>Hello World,<br></div><div dir=3D"auto"><br></div><div dir=3D"auto">Wh=
at?<br></div><div dir=3D"auto"><br></div><div dir=3D"auto">Remove all *noti=
fy options from Bitcoin Core (full node implementation used by 99% nodes)<b=
r></div><div dir=3D"auto"><br></div><div dir=3D"auto">Or one of the below:<=
br></div><div dir=3D"auto"><br></div><div dir=3D"auto">notifications.dat<br=
></div><div dir=3D"auto">not use system() in runCommand()<br></div><div dir=
=3D"auto">Use a new setting in settings.json file, notifypolicy which is 0 =
by default (restricted) and can be set to 1 (unrestricted)<br></div><div di=
r=3D"auto"><br></div><div dir=3D"auto">Why?<br></div><div dir=3D"auto"><br>=
</div><div dir=3D"auto">They can help attackers in doing almost anything on=
machines running Bitcoin Core with some social engineering.<br></div><div =
dir=3D"auto"><br></div><div dir=3D"auto">How?<br></div><div dir=3D"auto"><b=
r></div><div dir=3D"auto">Everything is explained several times in differen=
t issues, PRs etc. to different people including few reviewers who even NAC=
Ked a PR that would help in adding such options but with some documentation=
. I won't comment much about the reviewers but some of them were clueless a=
bout issue and how things work.<br></div><div dir=3D"auto"><br></div><div d=
ir=3D"auto">Example: Calling something misleading and ludicrous when you do=
n't even know what works in Windows shortcut and could not share one exampl=
e of financial application https://github.com/bitcoin/bitcoin/issues/23412#=
issuecomment-1003496126<br></div><div dir=3D"auto"><br></div><div dir=3D"au=
to">TL;DR<br></div><div dir=3D"auto"><br></div><div dir=3D"auto">https://gi=
thub.com/bitcoin/bitcoin/pull/23395#issuecomment-956353035<br></div><div di=
r=3D"auto"><br></div><div dir=3D"auto">https://github.com/bitcoin/bitcoin/i=
ssues/23412#issuecomment-970480769<br></div><div dir=3D"auto"><br></div><di=
v dir=3D"auto">To be honest, neither I have energy left to highlight the im=
portance of these issues nor most of the people look interested in this spa=
ce to address it. This email is a part of my efforts to share things with e=
veryone which I even tried with documentation. There is something seriously=
wrong if few people including maintainers acknowledge the issues with *not=
ify options but nobody wants to fix it or document it, I will leave it for =
people to form their own opinions about it.<br></div><div dir=3D"auto"><br>=
</div><div dir=3D"auto">Last but not least I was even asked to not review a=
nd comment in https://github.com/bitcoin/bitcoin/pull/23395 when I was just=
responding to others. <br></div><div dir=3D"auto"><br></div><div dir=3D"au=
to">This will be helpful in my security project which was already shared in=
mailing list to highlight what users expect from developers and future of =
money, review process etc. and what is the ground reality.<br></div><div di=
r=3D"auto"><br></div><div dir=3D"auto">Happy New Year<br></div><div><br></d=
iv><div>-- <br></div><div>Prayank<br></div><div><br></div><div dir=3D"auto"=
>A3B1 E430 2298 178F<br></div> </body>
</html>
------=_Part_476048_1592426282.1641070991314--
|