add harden_memory_linux: harder for other processes to read our memory
This module tries to restrict the ability of other processes to access the memory of our process.
Traditionally, on Linux, one process can access the memory of another arbitrary process if both are running as the same user (uid). (Root can ofc access the memory of ~any process)
Programs can opt-out from this by setting `prctl(PR_SET_DUMPABLE, 0);`

also see https://man.archlinux.org/man/PR_SET_DUMPABLE.2const.en

-----

Also, from https://unix.stackexchange.com/a/518452 :

In a terminal window:
```
% echo $$ # show our pid
6744
% read -sp 'secret password: '; echo
secret password:
%
```
Then in another terminal window:
```
% grep heap /proc/6744/maps
01bb7000-01c3e000 rw-p 00000000 00:00 0 [heap]
% dd if=/proc/6744/mem bs=1 skip=$((0x01bb7000)) count=$((0x01c3e000-0x01bb7000)) status=none | strings | less
...
% dd if=/proc/6744/mem bs=1 skip=$((0x01bb7000)) count=$((0x01c3e000-0x01bb7000)) status=none | strings | grep obiwan
obiwan_kenobi # "secret password"
```
@@ -419,6 +419,10 @@ def main():
|
||||
print_stderr('unknown command:', uri)
|
||||
sys.exit(1)
|
||||
|
||||
if sys.platform == "linux" and not is_android:
|
||||
import electrum.harden_memory_linux
|
||||
electrum.harden_memory_linux.set_dumpable_safe(False)
|
||||
|
||||
if cmdname == 'daemon' and config.get("detach"):
|
||||
# detect lockfile.
|
||||
# This is not as good as get_file_descriptor, but that would require the asyncio loop
|
||||
|
||||
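Review bot: the result of `electrum.harden_memory_linux.set_dumpable_safe(False)` in the new `if sys.platform == "linux" and not is_android:` block is discarded and the call carries no comment, so a reader of main() cannot tell whether a failed prctl is logged or silently ignored, or why the call sits at this point. Suggest a one-line comment stating that this is best-effort hardening against same-uid memory reads, plus a log line when it does not take effect. Since a non-dumpable process also stops producing core dumps and can no longer be attached to by a same-uid debugger, it would help to document that side effect or give developers a way to opt out.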