rico666 (OP)
Legendary
Offline
Activity: 1120
Merit: 1037
฿ → ∞
September 16, 2016, 08:41:36 AM Last edit: November 15, 2016, 10:58:27 AM by gmaxwell
I just found out that my wallet passphrase is kept SOMEWHERE in the history of the debug window in my bitcoin-qt client.
WTF!?
For importing private keys (or whatever other operation needs this), you have to unlock the wallet if it is protected by a passphrase. You do this by typing
walletpassphrase "<your passphrase here>" <time>
in the CLI of the debug window to get it unlocked for a <time> limit. Now when someone gained access to the computer, and fired up the debug window, all he had to do was go up the history (arrow up) to see the passphrase in clear text.
"Ich glaube, mein Schwein pfeift" as some Germans would comment on that.
How do I get rid of this unbelievable behavior? How do I find out which "developer" is responsible for that?
Rico
Foxpup
Legendary
Offline
Activity: 4535
Merit: 3188
Vile Vixen and Miss Bitcointalk 2021-2023
September 16, 2016, 09:44:41 AM
How do I get rid of this unbelievable behavior?
By clicking the Clear Console button (shortcut: Control-L), which has the added benefit that your passphrase is no longer displayed right there on the screen, so why on Earth would you not clear it anyway if other people have access to your machine?
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
rico666 (OP)
September 16, 2016, 09:58:43 AM
By clicking the Clear Console button (shortcut: Control-L), which has the added benefit that your passphrase is no longer displayed right there on the screen, so why on Earth would you not clear it anyway if other people have access to your machine?
There is no "Clear Console button", but Control-L works. Thanks.
I did not write other people have access to my machine, I wrote "when someone gained access". Big difference - you're welcome.
I will use Control-L from now on, but I still fail to see why this isn't default after bitcoin-qt has been closed, at least cleanse history from all critical or potentially critical information (passphrase, private keys etc.).
Quite a security risk IMHO, especially as I cannot recall to have read that big fat warning to "not forget doing Ctrl-L" after entering some sensitive information. Actually the help states Ctrl-L is for clearing the screen - not screen and history.
Rico
achow101
Moderator
Legendary
Offline
Activity: 3542
Merit: 6886
Just writing some code
September 16, 2016, 01:07:57 PM Merited by EFS (2), ABCbits (1)
By clicking the Clear Console button (shortcut: Control-L), which has the added benefit that your passphrase is no longer displayed right there on the screen, so why on Earth would you not clear it anyway if other people have access to your machine?
There is no "Clear Console button", but Control-L works. Thanks.
It's the x in the circle on the top left of the debug window.
I did not write other people have access to my machine, I wrote "when someone gained access". Big difference - you're welcome.
I will use Control-L from now on, but I still fail to see why this isn't default after bitcoin-qt has been closed, at least cleanse history from all critical or potentially critical information (passphrase, private keys etc.).
It should clear the history every time you restart Bitcoin Core. It doesn't do that when you close the debug window though.
Quite a security risk IMHO, especially as I cannot recall to have read that big fat warning to "not forget doing Ctrl-L" after entering some sensitive information. Actually the help states Ctrl-L is for clearing the screen - not screen and history.
Rico
You're a programmer. You should submit a PR to fix this, or at the very least, open an issue and suggest it. The developers don't frequent this forum anymore.
rico666 (OP)
September 16, 2016, 01:36:13 PM
It should clear the history every time you restart Bitcoin Core. It doesn't do that when you close the debug window though.
(I found the pale blue (x)) Unfortunately, v0.13.0.0-ga402396 (64-bit) doesn't clear the history at all. Not if I restart Bitcoin Core, not if I restart the computer.
You're a programmer. You should submit a PR to fix this, or at the very least, open an issue and suggest it. The developers don't frequent this forum anymore.
Ok, I'll submit a press release.
Rico
achow101
September 16, 2016, 01:40:53 PM
It should clear the history every time you restart Bitcoin Core. It doesn't do that when you close the debug window though.
(I found the pale blue (x)) Unfortunately, v0.13.0.0-ga402396 (64-bit) doesn't clear the history at all. Not if I restart Bitcoin Core, not if I restart the computer.
Really? That is quite strange. It works for me on multiple systems. The history is never written to the disk so it should not persist across instances of Bitcoin Core.
You're a programmer. You should submit a PR to fix this, or at the very least, open an issue and suggest it. The developers don't frequent this forum anymore.
Ok, I'll submit a press release.
Rico
Pull requests: https://github.com/bitcoin/bitcoin/pulls
rico666 (OP)
September 16, 2016, 02:03:27 PM
Really? That is quite strange. It works for me on multiple systems. The history is never written to the disk so it should not persist across instances of Bitcoin Core.
Not sure about being written to disk, but it definitely had to read it from the disk. My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim it does write something to the disk. But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
Of course I know what a git PR is.
Rico
achow101
September 16, 2016, 02:15:07 PM
Really? That is quite strange. It works for me on multiple systems. The history is never written to the disk so it should not persist across instances of Bitcoin Core.
Not sure about being written to disk, but it definitely had to read it from the disk. My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim it does write something to the disk. But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
Rico
Huh. That should never happen. Can you make a video of it please? I am not able to reproduce this.
Foxpup
September 16, 2016, 03:08:01 PM
Not sure about being written to disk, but it definitely had to read it from the disk. My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim it does write something to the disk. But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
No version I've ever used saves history when closed. Are you quite sure you're not just minimising it?
rico666 (OP)
September 16, 2016, 03:32:26 PM
No version I've ever used saves history when closed. Are you quite sure you're not just minimising it?
Minimising? You're talking to someone who starts (and sees ending) his bitcoin-qt like this:
# bitcoin-qt
[1]+ Done bitcoin-qt
it's a self-compiled version under Gentoo linux:
# eix bitcoin-qt
[I] net-p2p/bitcoin-qt
Available versions: 0.10.2 (~)0.10.2-r1 (~)0.11.0 (~)0.11.1 (~)0.11.2 (~)0.12.0 (~)0.12.1 (~)0.13.0 **9999 {1stclassmsg bitcoin_policy_cltv bitcoin_policy_cpfp bitcoin_policy_dcmp (+)bitcoin_policy_rbf bitcoin_policy_spamfilter dbus +http kde +libevent libressl ljr +qrcode qt4 qt5 test +tor upnp +wallet xt zeromq LINGUAS="ach af af_ZA ar be_BY bg bg_BG bs ca ca@valencia ca_ES cmn cs cs_CZ cy da de el el_GR en en_GB eo es es_419 es_AR es_CL es_CO es_DO es_ES es_MX es_UY es_VE et eu_ES fa fa_IR fi fil fr fr_CA fr_FR gl gu_IN he hi_IN hr hu id_ID it it_IT ja ka kk_KZ ko_KR ku_IQ ky la lt lv_LV mk_MK mn ms_MY nb nl pam pl pt_BR pt_PT ro ro_RO ru ru_RU sah sk sl_SI sq sr sr@latin sv ta th_TH tr tr_TR uk ur_PK uz@Cyrl uz@Latn vi vi_VN zh zh_CN zh_HK zh_TW"}
Installed versions: 0.13.0(06:14:35 PM 08/30/2016)(dbus ljr qrcode qt4 wallet -bitcoin_policy_rbf -bitcoin_policy_spamfilter -http -kde -libevent -libressl -qt5 -test -tor -upnp -zeromq LINGUAS="cs de en -af -af_ZA -ar -be_BY -bg -bg_BG -ca -ca@valencia -ca_ES -cs_CZ -cy -da -el -el_GR -en_GB -eo -es -es_AR -es_CL -es_CO -es_DO -es_ES -es_MX -es_UY -es_VE -et -eu_ES -fa -fa_IR -fi -fr -fr_CA -fr_FR -gl -he -hi_IN -hr -hu -id_ID -it -it_IT -ja -ka -kk_KZ -ko_KR -ku_IQ -ky -la -lt -lv_LV -mk_MK -mn -ms_MY -nb -nl -pam -pl -pt_BR -pt_PT -ro -ro_RO -ru -ru_RU -sk -sl_SI -sq -sr -sr@latin -sv -ta -th_TH -tr -tr_TR -uk -ur_PK -uz@Cyrl -vi -vi_VN -zh -zh_CN -zh_HK -zh_TW")
Homepage: http://bitcoincore.org/
of course, when I end it, no bitcoin* process runs anymore
# ps aux | grep bitcoin
root 17280 0.0 0.0 114584 772 pts/0 S+ 17:28 0:00 grep --colour=auto bitcoin
So if you say I'm experiencing something no one has seen so far... interesting...
Rico
achow101
September 16, 2016, 03:37:24 PM
So if you say I'm experiencing something no one has seen so far... interesting...
Rico
Indeed, you are experiencing an issue that no one else has before. Here, I made a PR fixing this: https://github.com/bitcoin/bitcoin/pull/8746.
Foxpup
September 16, 2016, 03:46:37 PM
interesting...
Very interesting, considering the RPCConsole constructor initialises the history by calling clear() and there is no code anywhere for saving or restoring history from previous sessions. Unless you (or someone else) has modified this code, what you're claiming is... impossible.
2112
Legendary
Offline
Activity: 2128
Merit: 1073
September 16, 2016, 05:04:58 PM
Please carefully read the manpages for https://en.wikipedia.org/wiki/GNU_Readline . Depending on the version and the settings it is capable of saving history per each application linked with libreadline.so .
rico666 (OP)
September 17, 2016, 07:49:35 AM
ldd doesn't indicate libreadline or libhistory is linked:
# ldd /usr/bin/bitcoin-qt
The only other "anomaly" of my bitcoin-qt I am aware of, is that I start it on my server with remote display to my notebook (X Server Protocol). It should be completely transparent, but not sure if that could do something.
Naturally I would want this mystery to be solved, but I am quite reluctant to put my bitcoin-qt binary somewhere to download for inspection, as I do not know what could be stored in it.
Rico
Luke-Jr
Legendary
Offline
Activity: 2576
Merit: 1186
September 27, 2016, 01:28:25 AM
# eix bitcoin-qt
[I] net-p2p/bitcoin-qt
Available versions: 0.10.2 (~)0.10.2-r1 (~)0.11.0 (~)0.11.1 (~)0.11.2 (~)0.12.0 (~)0.12.1 (~)0.13.0 **9999 {1stclassmsg bitcoin_policy_cltv bitcoin_policy_cpfp bitcoin_policy_dcmp (+)bitcoin_policy_rbf bitcoin_policy_spamfilter dbus +http kde +libevent libressl ljr +qrcode qt4 qt5 test +tor upnp +wallet xt zeromq LINGUAS="ach af af_ZA ar be_BY bg bg_BG bs ca ca@valencia ca_ES cmn cs cs_CZ cy da de el el_GR en en_GB eo es es_419 es_AR es_CL es_CO es_DO es_ES es_MX es_UY es_VE et eu_ES fa fa_IR fi fil fr fr_CA fr_FR gl gu_IN he hi_IN hr hu id_ID it it_IT ja ka kk_KZ ko_KR ku_IQ ky la lt lv_LV mk_MK mn ms_MY nb nl pam pl pt_BR pt_PT ro ro_RO ru ru_RU sah sk sl_SI sq sr sr@latin sv ta th_TH tr tr_TR uk ur_PK uz@Cyrl uz@Latn vi vi_VN zh zh_CN zh_HK zh_TW"}
Installed versions: 0.13.0(06:14:35 PM 08/30/2016)(dbus ljr qrcode qt4 wallet -bitcoin_policy_rbf -bitcoin_policy_spamfilter -http -kde -libevent -libressl -qt5 -test -tor -upnp -zeromq LINGUAS="cs de en -af -af_ZA -ar -be_BY -bg -bg_BG -ca -ca@valencia -ca_ES -cs_CZ -cy -da -el -el_GR -en_GB -eo -es -es_AR -es_CL -es_CO -es_DO -es_ES -es_MX -es_UY -es_VE -et -eu_ES -fa -fa_IR -fi -fr -fr_CA -fr_FR -gl -he -hi_IN -hr -hu -id_ID -it -it_IT -ja -ka -kk_KZ -ko_KR -ku_IQ -ky -la -lt -lv_LV -mk_MK -mn -ms_MY -nb -nl -pam -pl -pt_BR -pt_PT -ro -ro_RO -ru -ru_RU -sk -sl_SI -sq -sr -sr@latin -sv -ta -th_TH -tr -tr_TR -uk -ur_PK -uz@Cyrl -vi -vi_VN -zh -zh_CN -zh_HK -zh_TW")
Homepage: http://bitcoincore.org/
This should get you Bitcoin Knots, which does have a history, but is supposed to filter out walletpassphrase stuff. But...
unfortunately, v0.13.0.0-ga402396 (64-bit) doesn't clear the history at all.
Where are you getting that version from? That indicates Core, not Knots. :/
Please open an issue here: https://github.com/bitcoinknots/bitcoin/issues
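The behaviour described in the post above, a console history that filters out walletpassphrase and similar commands before they can be recalled with arrow up, can be sketched as follows. This is an added example, not code from Bitcoin Core or Bitcoin Knots; the ConsoleHistory class, the ContainsSensitiveCommand helper and the deny-list of RPC names are assumptions made for illustration.

```cpp
// Added illustration; not code from Bitcoin Core or Bitcoin Knots.
#include <algorithm>
#include <array>
#include <cctype>
#include <cstddef>
#include <deque>
#include <string>

// Assumed deny-list: RPC commands whose arguments are secrets.
static const std::array<const char*, 5> kSensitiveCommands = {
    "walletpassphrase", "walletpassphrasechange", "encryptwallet",
    "importprivkey", "signmessagewithprivkey"};

// True if any token of the line names a sensitive command. Tokens are split
// on whitespace, parentheses and commas and compared case-insensitively, so
// indented, parenthesised or wrongly-cased input is still caught. Matching a
// token inside a quoted argument is accepted: it only costs a history entry.
bool ContainsSensitiveCommand(const std::string& line) {
    std::string token;
    auto is_sensitive = [&token]() {
        return std::any_of(kSensitiveCommands.begin(), kSensitiveCommands.end(),
                           [&token](const char* cmd) { return token == cmd; });
    };
    for (unsigned char c : line) {
        if (std::isspace(c) || c == '(' || c == ')' || c == ',') {
            if (is_sensitive()) return true;
            token.clear();
        } else {
            token.push_back(static_cast<char>(std::tolower(c)));
        }
    }
    return is_sensitive();
}

// Hypothetical in-memory console history (the arrow-up recall buffer).
class ConsoleHistory {
public:
    explicit ConsoleHistory(std::size_t max_entries = 50) : max_(max_entries) {}
    // Stores the line unless it is sensitive; returns whether it was stored.
    bool Add(const std::string& line) {
        if (line.empty() || ContainsSensitiveCommand(line)) return false;
        entries_.push_back(line);
        if (entries_.size() > max_) entries_.pop_front();
        return true;
    }
    void Clear() { entries_.clear(); }  // e.g. when the console is closed
    const std::deque<std::string>& Entries() const { return entries_; }
private:
    std::size_t max_;
    std::deque<std::string> entries_;
};

int main() {
    ConsoleHistory history;
    history.Add("getblockcount");
    history.Add("walletpassphrase \"constructed sample\" 60");  // dropped
    return history.Entries().size() == 1 ? 0 : 1;
}
```

A deny-list only catches correctly spelled command names; a mistyped command that still carries the passphrase is stored, which is why clearing the buffer when the console closes remains useful alongside the filter.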
Luke-Jr
October 23, 2016, 05:08:14 AM
This issue has been assigned CVE-2016-8889 and will be fixed in the next release of Bitcoin Knots.
Luke-Jr
November 15, 2016, 08:58:27 AM
This is fixed in Knots 0.13.1.