Author: Prayank 2022-01-01 21:03:11
Published on: 2022-01-01T21:03:11+00:00
The author of the email is calling for the removal of all notify options from Bitcoin Core, as they can aid attackers in compromising machines running the software. The author suggests three potential solutions to this problem: removing notifications.dat, not using system() in runCommand(), and introducing a new setting in settings.json file called notifypolicy that is restricted by default but can be set to unrestricted. The author claims that these issues have been explained multiple times in various PRs and to different individuals, including reviewers who have rejected proposals due to their lack of understanding about the issues at hand. The author provides links to two specific PRs where these issues were discussed. The author expresses frustration with the lack of interest in addressing these issues and indicates that this email is an attempt to raise awareness about them. The author also mentions being asked to not review and comment on a specific PR. Finally, the author notes that this email will be helpful in their security project and wishes everyone a happy new year.
Updated on: 2023-05-22T16:30:13.222478+00:00