Linux key storage major security flaw

Storing keys on Linux is super unsafe. First, it is COMPLETELY unencrypted. Anyone who has access to the filesystem can steal all funds. Moreover, what is really huge, is that permissions set to the Keystore files allow read access to ALL users in the system.

$ ls -l ~/.chia/mainnet/wallet/db/
-rw-r--r-- 1 ******** ********  ******** ******** ********
....

What should be done:

  • Keys should be encrypted
  • Permissions should be set to 600 instead of 644

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions:8
  • Comments:7 (5 by maintainers)
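
The permissions point raised in the issue, as an added example (not code from the issue or from the Chia code base): an audit that reports key-store entries accessible beyond the owner and can tighten them to 600/700, plus a way to create new key files as 600 from the start. The function names, the file names and the temporary directory layout are hypothetical, constructed for illustration.

```python
import os
import stat
import tempfile

BEYOND_OWNER = stat.S_IRWXG | stat.S_IRWXO  # 0o077: any group/other bit


def audit_key_dir(root, fix=False):
    """Return [(path, mode)] for entries accessible beyond the owner.

    With fix=True, tighten files to 0600 and directories to 0700.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # do not chmod through a symlink
            mode = stat.S_IMODE(st.st_mode)
            if mode & BEYOND_OWNER:
                findings.append((path, mode))
                if fix:
                    os.chmod(path, 0o700 if stat.S_ISDIR(st.st_mode) else 0o600)
    return findings


def write_key_file(path, data):
    """Create a new key file that is 0600 from its first byte.

    The mode is passed to open(2), so there is no window in which the file
    exists as 0644; umask can only clear bits, never add them. O_EXCL refuses
    to reuse a file (or symlink) that someone else placed at the path.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


if __name__ == "__main__":
    # Constructed layout standing in for ~/.chia/mainnet/wallet/db/
    with tempfile.TemporaryDirectory() as root:
        legacy = os.path.join(root, "legacy_wallet.sqlite")  # hypothetical name
        with open(legacy, "wb") as f:
            f.write(b"constructed sample, not a real key")
        os.chmod(legacy, 0o644)  # the mode reported in the issue
        write_key_file(os.path.join(root, "new_key"), b"constructed sample")
        for path, mode in audit_key_dir(root, fix=True):
            print(f"{oct(mode)} -> tightened: {path}")
        print("remaining findings:", audit_key_dir(root))
```

Tightening modes only addresses other local users; it does not cover the issue's first request, encryption of the keys at rest.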

Top GitHub Comments

6 reactions
lvcivs commented, May 15, 2021

> If someone gets access to the FS, it’s too late anyway

Disagree heavily with this. Unix systems have been designed as multiuser systems from the ground up and permissions matter. This is why the permissions are built very deeply into the system. Think of servers on a university campus, share hosters etc. It is absolutely normal and expected that someone might be on the same filesystem who is not necessarily trustworthy.

1 reaction
gromran commented, May 15, 2021

> Anyone who has access to the filesystem

If someone gets access to the FS, it’s too late anyway
