fix insecure default inherited from zcash + implement secure deletion of debug.log#99
Closed
hairetikos wants to merge 8 commits intoZclassicCommunity:masterfrom
Closed
fix insecure default inherited from zcash + implement secure deletion of debug.log#99hairetikos wants to merge 8 commits intoZclassicCommunity:masterfrom
hairetikos wants to merge 8 commits intoZclassicCommunity:masterfrom
Conversation
fix full complete sync from genesis (without fast sync) Allow larger blocks for historical chain variations
since updating the curl version to a more secure version, it will try to build with libpsl by default, which will fail on platforms without libspl we don't need spl, so add --without-libpsl to fix those builds
img2txt -W 88 -H 20 -f utf8 -d none contrib/newlogo.png > newlogo.ansi
this insecure default was inherited from zcash debug.log contains a lot of sensitive transaction metadata, it should only be enabled for debugging purposes (hence, it is called debug.log) disable it by default
These functions securely shred files using a 3-pass overwrite pattern, ensuring sensitive data is irrecoverable. This is important because the `debug.log` file may contain sensitive transaction metadata. `debug.log` should only be used for debugging purposes. a function to also securely shred the onion V3 private key. upon restarting the node a new V3 key and address will be auto-generated
Author
|
i have tested the shred function by checking but it may be best instead to implement it using exising OS-specific shredding tools such as will close this, and re-open the PR using existing shredding tools, the best option |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes #97
Logging Configuration
debug.logby default. This insecure default was inherited from zcash. the debug log may contain sensitive transaction metadata. it should only be used for debugging, not for production, therefore debug logs now are not created unless explicitly enabled.-debuglogfileconfig option since it is now disabled by defaultPrivacy and Secure File Handling
Added two new RPC commands:
shredlogsandshredonion, which securely destroy thedebug.log,db.log, and Tor onion service private key files using a multi-pass overwrite and deletion process. This helps protect user privacy by ensuring sensitive metadata and keys are unrecoverable. upon restarting the node, a new Onion V3 private key and address will be auto-generatedthe
SecureShredFilefunction insrc/rpc/misc.cppperforms a DoD 5220.22-M-style secure file wiping, including overwriting with multiple patterns, renaming, and then deleting the file.These changes collectively enhance the privacy and security of the application, giving users more control over sensitive files and debug information.