Author Topic: A security bug in headless client?  (Read 8164 times)
d1337r
July 16, 2010, 10:51:28 AM
 #1

(not found by me, but by linux.org.ru user mkfifo)

If you start bitcoind as one user, then type some command as the other user (e.g. bitcoind getbalance), it will work and output your balance. It may be very dangerous on multi-user systems. Imagine there is a user with a hard password who owns a bitcoin wallet and a user with a weak password who doesn't. So if a hacker breaks the other user's password or gets access to the other user's account, he could steal the money from the first user.

Some desktops (Windows and Linux) even have a guest account with no password, which can be used to steal bitcoins too.

The solution would be to open a UNIX socket with read/write permissions only for the user/group it is opened as.

mkfifo
July 16, 2010, 12:00:27 PM
 #2

I made a topic: http://bitcointalk.org/index.php?topic=410.0

Thanks, d1337r! :-)