Topic: WTF? bitcoin-qt Wallet Passphrase in history??? (Bitcoin Knots) (Read 5520 times)
This is fixed in Knots 0.13.1.
October 23, 2016, 12:08:14 AM
This issue has been assigned CVE-2016-8889 and will be fixed in the next release of Bitcoin Knots.
September 26, 2016, 08:28:25 PM
Code:
# eix bitcoin-qt
[I] net-p2p/bitcoin-qt
Available versions: 0.10.2 (~)0.10.2-r1 (~)0.11.0 (~)0.11.1 (~)0.11.2 (~)0.12.0 (~)0.12.1 (~)0.13.0 **9999 {1stclassmsg bitcoin_policy_cltv bitcoin_policy_cpfp bitcoin_policy_dcmp (+)bitcoin_policy_rbf bitcoin_policy_spamfilter dbus +http kde +libevent libressl ljr +qrcode qt4 qt5 test +tor upnp +wallet xt zeromq LINGUAS="ach af af_ZA ar be_BY bg bg_BG bs ca ca@valencia ca_ES cmn cs cs_CZ cy da de el el_GR en en_GB eo es es_419 es_AR es_CL es_CO es_DO es_ES es_MX es_UY es_VE et eu_ES fa fa_IR fi fil fr fr_CA fr_FR gl gu_IN he hi_IN hr hu id_ID it it_IT ja ka kk_KZ ko_KR ku_IQ ky la lt lv_LV mk_MK mn ms_MY nb nl pam pl pt_BR pt_PT ro ro_RO ru ru_RU sah sk sl_SI sq sr sr@latin sv ta th_TH tr tr_TR uk ur_PK uz@Cyrl uz@Latn vi vi_VN zh zh_CN zh_HK zh_TW"}
Installed versions: 0.13.0(06:14:35 PM 08/30/2016)(dbus ljr qrcode qt4 wallet -bitcoin_policy_rbf -bitcoin_policy_spamfilter -http -kde -libevent -libressl -qt5 -test -tor -upnp -zeromq LINGUAS="cs de en -af -af_ZA -ar -be_BY -bg -bg_BG -ca -ca@valencia -ca_ES -cs_CZ -cy -da -el -el_GR -en_GB -eo -es -es_AR -es_CL -es_CO -es_DO -es_ES -es_MX -es_UY -es_VE -et -eu_ES -fa -fa_IR -fi -fr -fr_CA -fr_FR -gl -he -hi_IN -hr -hu -id_ID -it -it_IT -ja -ka -kk_KZ -ko_KR -ku_IQ -ky -la -lt -lv_LV -mk_MK -mn -ms_MY -nb -nl -pam -pl -pt_BR -pt_PT -ro -ro_RO -ru -ru_RU -sk -sl_SI -sq -sr -sr@latin -sv -ta -th_TH -tr -tr_TR -uk -ur_PK -uz@Cyrl -vi -vi_VN -zh -zh_CN -zh_HK -zh_TW")
Homepage: http://bitcoincore.org/
But...
unfortunately, v0.13.0.0-ga402396 (64-bit) doesn't clear the history at all.
Where are you getting that version from? That indicates Core, not Knots. :/Please open an issue here: https://github.com/bitcoinknots/bitcoin/issues
September 17, 2016, 02:49:35 AM
ldd doesn't indicate libreadline or libhistory is linked:
The only other "anomaly" of my bitcoin-qt I am aware of, is that I start it on my server with remote display to my notebook (X Server Protocol). It should be completely transparent, but not sure if that could do something.
Naturally I would want this mystery to be solved, but I am quite reluctant to put my bitcoin-qt binary somewhere to download for inspection, as I do not know what could be stored in it.
Rico
Code:
# ldd /usr/bin/bitcoin-qt
linux-vdso.so.1 (0x00007ffea858d000)
libunivalue.so.0 => /usr/lib64/libunivalue.so.0 (0x00007f54822ec000)
libleveldb.so.1 => /usr/lib64/libleveldb.so.1 (0x00007f548208e000)
libmemenv.so.1 => /usr/lib64/libmemenv.so.1 (0x00007f5481e86000)
libboost_system.so.1.61.0 => /usr/lib64/libboost_system.so.1.61.0 (0x00007f5481c82000)
libboost_filesystem.so.1.61.0 => /usr/lib64/libboost_filesystem.so.1.61.0 (0x00007f5481a68000)
libboost_program_options.so.1.61.0 => /usr/lib64/libboost_program_options.so.1.61.0 (0x00007f54817e7000)
libboost_thread.so.1.61.0 => /usr/lib64/libboost_thread.so.1.61.0 (0x00007f54815be000)
libboost_chrono.so.1.61.0 => /usr/lib64/libboost_chrono.so.1.61.0 (0x00007f54813b6000)
libQtGui.so.4 => /usr/lib64/qt4/libQtGui.so.4 (0x00007f548083d000)
libQtNetwork.so.4 => /usr/lib64/qt4/libQtNetwork.so.4 (0x00007f5480530000)
libQtDBus.so.4 => /usr/lib64/qt4/libQtDBus.so.4 (0x00007f54802c9000)
libQtCore.so.4 => /usr/lib64/qt4/libQtCore.so.4 (0x00007f547fdb2000)
libqrencode.so.3 => /usr/lib64/libqrencode.so.3 (0x00007f547fba6000)
libprotobuf.so.10 => /usr/lib64/libprotobuf.so.10 (0x00007f547f72d000)
libdb_cxx-4.8.so => /usr/lib64/libdb_cxx-4.8.so (0x00007f547f38b000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f547f16f000)
libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f547ed98000)
libsecp256k1.so.0 => /usr/lib64/libsecp256k1.so.0 (0x00007f547eb72000)
libanl.so.1 => /lib64/libanl.so.1 (0x00007f547e96e000)
libstdc++.so.6 => /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/libstdc++.so.6 (0x00007f547e5ec000)
libm.so.6 => /lib64/libm.so.6 (0x00007f547e2e9000)
libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/libgcc_s.so.1 (0x00007f547e0d2000)
libc.so.6 => /lib64/libc.so.6 (0x00007f547dd39000)
librt.so.1 => /lib64/librt.so.1 (0x00007f547db31000)
libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f547d820000)
libpng16.so.16 => /usr/lib64/libpng16.so.16 (0x00007f547d5ed000)
libz.so.1 => /lib64/libz.so.1 (0x00007f547d3d7000)
libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007f547d128000)
libSM.so.6 => /usr/lib64/libSM.so.6 (0x00007f547cf1f000)
libICE.so.6 => /usr/lib64/libICE.so.6 (0x00007f547cd02000)
libXi.so.6 => /usr/lib64/libXi.so.6 (0x00007f547caf2000)
libXrender.so.1 => /usr/lib64/libXrender.so.1 (0x00007f547c8e8000)
libXrandr.so.2 => /usr/lib64/libXrandr.so.2 (0x00007f547c6dd000)
libXfixes.so.3 => /usr/lib64/libXfixes.so.3 (0x00007f547c4d7000)
libXcursor.so.1 => /usr/lib64/libXcursor.so.1 (0x00007f547c2cc000)
libfontconfig.so.1 => /usr/lib64/libfontconfig.so.1 (0x00007f547c088000)
libXext.so.6 => /usr/lib64/libXext.so.6 (0x00007f547be75000)
libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007f547bb36000)
libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f547b8ca000)
libQtXml.so.4 => /usr/lib64/qt4/libQtXml.so.4 (0x00007f547b68e000)
libdbus-1.so.3 => /usr/lib64/libdbus-1.so.3 (0x00007f547b447000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f547b243000)
/lib64/ld-linux-x86-64.so.2 (0x00007f54824fe000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f547afff000)
libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f547adef000)
libbsd.so.0 => /usr/lib64/libbsd.so.0 (0x00007f547abd8000)
libexpat.so.1 => /usr/lib64/libexpat.so.1 (0x00007f547a9ae000)
libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007f547a785000)
libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007f547a581000)
libXdmcp.so.6 => /usr/lib64/libXdmcp.so.6 (0x00007f547a37b000)
The only other "anomaly" of my bitcoin-qt I am aware of, is that I start it on my server with remote display to my notebook (X Server Protocol). It should be completely transparent, but not sure if that could do something.
Naturally I would want this mystery to be solved, but I am quite reluctant to put my bitcoin-qt binary somewhere to download for inspection, as I do not know what could be stored in it.
Rico
September 16, 2016, 12:04:58 PM
Please carefully read the manpages for https://en.wikipedia.org/wiki/GNU_Readline . Depending on the version and the settings it is capable of saving history per each application linked with libreadline.so .
September 16, 2016, 10:46:37 AM
interesting...
Very interesting, considering the RPCConsole constructor initialises the history by calling clear() and there is no code anywhere for saving or restoring history from previous sessions. Unless you (or someone else) has modified this code, what you're claiming is... impossible. 
September 16, 2016, 10:37:24 AM
So if you say I'm experiencing something no one has seen so far... interesting...
Rico
Indeed, you are experiencing an issue that no one else has before.Rico
Here, I made a PR fixing this: https://github.com/bitcoin/bitcoin/pull/8746.
September 16, 2016, 10:32:26 AM
No version I've ever used saves history when closed. Are you quite sure you're not just minimising it?
Minimising?
You're talking to someone who starts (and sees ending) his bitcoin-qt like this:Code:
# bitcoin-qt
[1]+ Done bitcoin-qt
it's a self-compiled version under Gentoo linux:
Code:
# eix bitcoin-qt
[I] net-p2p/bitcoin-qt
Available versions: 0.10.2 (~)0.10.2-r1 (~)0.11.0 (~)0.11.1 (~)0.11.2 (~)0.12.0 (~)0.12.1 (~)0.13.0 **9999 {1stclassmsg bitcoin_policy_cltv bitcoin_policy_cpfp bitcoin_policy_dcmp (+)bitcoin_policy_rbf bitcoin_policy_spamfilter dbus +http kde +libevent libressl ljr +qrcode qt4 qt5 test +tor upnp +wallet xt zeromq LINGUAS="ach af af_ZA ar be_BY bg bg_BG bs ca ca@valencia ca_ES cmn cs cs_CZ cy da de el el_GR en en_GB eo es es_419 es_AR es_CL es_CO es_DO es_ES es_MX es_UY es_VE et eu_ES fa fa_IR fi fil fr fr_CA fr_FR gl gu_IN he hi_IN hr hu id_ID it it_IT ja ka kk_KZ ko_KR ku_IQ ky la lt lv_LV mk_MK mn ms_MY nb nl pam pl pt_BR pt_PT ro ro_RO ru ru_RU sah sk sl_SI sq sr sr@latin sv ta th_TH tr tr_TR uk ur_PK uz@Cyrl uz@Latn vi vi_VN zh zh_CN zh_HK zh_TW"}
Installed versions: 0.13.0(06:14:35 PM 08/30/2016)(dbus ljr qrcode qt4 wallet -bitcoin_policy_rbf -bitcoin_policy_spamfilter -http -kde -libevent -libressl -qt5 -test -tor -upnp -zeromq LINGUAS="cs de en -af -af_ZA -ar -be_BY -bg -bg_BG -ca -ca@valencia -ca_ES -cs_CZ -cy -da -el -el_GR -en_GB -eo -es -es_AR -es_CL -es_CO -es_DO -es_ES -es_MX -es_UY -es_VE -et -eu_ES -fa -fa_IR -fi -fr -fr_CA -fr_FR -gl -he -hi_IN -hr -hu -id_ID -it -it_IT -ja -ka -kk_KZ -ko_KR -ku_IQ -ky -la -lt -lv_LV -mk_MK -mn -ms_MY -nb -nl -pam -pl -pt_BR -pt_PT -ro -ro_RO -ru -ru_RU -sk -sl_SI -sq -sr -sr@latin -sv -ta -th_TH -tr -tr_TR -uk -ur_PK -uz@Cyrl -vi -vi_VN -zh -zh_CN -zh_HK -zh_TW")
Homepage: http://bitcoincore.org/
of course, when I end it, no bitcoin* process runs anymore
Code:
# ps aux | grep bitcoin
root 17280 0.0 0.0 114584 772 pts/0 S+ 17:28 0:00 grep --colour=auto bitcoin
So if you say I'm experiencing something no one has seen so far... interesting...
Rico
September 16, 2016, 10:08:01 AM
Not sure about being written to disk, but it definitely had to read it from the disk.
My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim id does write something to the disk.
But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
No version I've ever used saves history when closed. Are you quite sure you're not just minimising it? My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim id does write something to the disk.
But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
September 16, 2016, 09:15:07 AM
Really? That is quite strange. It works for me on multiple systems. The history is never written to the disk so it should not persist across instances of Bitcoin Core.
Not sure about being written to disk, but it definitely had to read it from the disk.
My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim id does write something to the disk.
But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
Rico
September 16, 2016, 09:03:27 AM
Really? That is quite strange. It works for me on multiple systems. The history is never written to the disk so it should not persist across instances of Bitcoin Core.
Not sure about being written to disk, but it definitely had to read it from the disk.
My only explanation so far would be, that some old version of bitcoin core did write this.
I have not yet restarted my server since I found out with the 0.13.0, I actually cannot claim id does write something to the disk.
But as I have restarted Bitcoin core several times on the running server (uptime like 2 days), I can confirm that the history stored on disk - obviously, but maybe from earlier versions - 0.13.0 did read on every startup.
Let me check again:
Yup. My bitcoin-qt definitely stores history to disk, as even garbage I put in, like
walletpassphrase "shitty passphrase" timeout
appears again after I shutdown and restart my bitcoin-qt and then simply press arrow up.
of course I know what a git PR is.
Rico
September 16, 2016, 08:40:53 AM
It should clear the history every time you restart Bitcoin Core. It doesn't do that when you close the debug window though.
(i found the pale blue (x))
unfortunately, v0.13.0.0-ga402396 (64-bit) doesn't clear the history at all. Not if I restart Bitcoin Core, not if restart the computer.
You're a programmer. You should submit a PR to fix this, or at the very least, open an issue and suggest it. The developers don't frequent this forum anymore.
Ok, I'll submit a press release.
Rico
September 16, 2016, 08:36:13 AM
It should clear the history every time you restart Bitcoin Core. It doesn't do that when you close the debug window though.
(i found the pale blue (x))
unfortunately, v0.13.0.0-ga402396 (64-bit) doesn't clear the history at all. Not if I restart Bitcoin Core, not if restart the computer.
You're a programmer. You should submit a PR to fix this, or at the very least, open an issue and suggest it. The developers don't frequent this forum anymore.
Ok, I'll submit a press release.
Rico
September 16, 2016, 08:07:57 AM
By clicking the Clear Console button (shortcut: Control-L), which has the added benefit that your passphrase is no longer displayed right there on the screen, so why on Earth would you not clear it anyway if other people have access to your machine? 
There is no "Clear Console button", but Control-L works. Thanks.
I did not write other people have access to my machine, I wrote "when someone gained access". Big difference - you're welcome.
I will use Control-L from now on, but I still fail to see why this isn't default after bitcoin-qt has been closed, at least cleanse history from all critical or potentially critical information (passphrase, private keys etc.).
It should clear the history every time you restart Bitcoin Core. It doesn't do that when you close the debug window though.I will use Control-L from now on, but I still fail to see why this isn't default after bitcoin-qt has been closed, at least cleanse history from all critical or potentially critical information (passphrase, private keys etc.).
Quite a security risk IMHO, especially as I cannot recall to have read that big fat warning to "not forget doing Ctrl-L" after entering some sensitive information. Actually the help states Ctrl-L is for clearing the screen - not screen and history.
Rico
You're a programmer. You should submit a PR to fix this, or at the very least, open an issue and suggest it. The developers don't frequent this forum anymore. Rico
September 16, 2016, 04:58:43 AM
By clicking the Clear Console button (shortcut: Control-L), which has the added benefit that your passphrase is no longer displayed right there on the screen, so why on Earth would you not clear it anyway if other people have access to your machine?
There is no "Clear Console button", but Control-L works. Thanks.
I did not write other people have access to my machine, I wrote "when someone gained access". Big difference - you're welcome.
I will use Control-L from now on, but I still fail to see why this isn't default after bitcoin-qt has been closed, at least cleanse history from all critical or potentially critical information (passphrase, private keys etc.).
Quite a security risk IMHO, especially as I cannot recall to have read that big fat warning to "not forget doing Ctrl-L" after entering some sensitive information. Actually the help states Ctrl-L is for clearing the screen - not screen and history.
Rico
September 16, 2016, 04:44:41 AM
How do I get rid of this unbelievable behavior?
By clicking the Clear Console button (shortcut: Control-L), which has the added benefit that your passphrase is no longer displayed right there on the screen, so why on Earth would you not clear it anyway if other people have access to your machine? September 16, 2016, 03:41:36 AM
I just found out, that my wallet passphrase is kept SOMEWHERE in the history of the debug window in my bitcoin-qt client.
WTF!?
For importing private keys (or whatever other operation needs this), you have to unlock the wallet if it is protected by a passphrase.
You do this by typing
walletpassphrase ""
WTF!?
For importing private keys (or whatever other operation needs this), you have to unlock the wallet if it is protected by a passphrase.
You do this by typing
walletpassphrase "
Jump to: