-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Undesired access to file system by bip_utils #141
Comments
Hi, the library accesses the file system only to read the mnemonic words lists (BIP39, Electrum, etc...).
This is the only function accessing files as you can verify from the source code:
But it's always been like this since the very very beginning, this is nothing new. |
I added a print in the function that loads the mnemonic files and tried your code snippet, there is no file access as I expected (since you are not using any class for generating mnemonics or seeds). |
I will do some more testing when I have time and will let you know if I can trace the root cause. |
Hi, |
Sorry, I got distracted. |
I have a very strange issue with bip_utils, which I think I do not remember having in the past.
When running bip_utils on Windows Subsystems for Linux (Ubuntu20.04, also Ubuntu 22.04, both systems wide and clean virtual Python environments), bip-utils "Unlock drive" pop-ups from bitclocker, meaning that bip_utils or some component thereof is trying to access the filesystem. This is strange behavior and because there is a slight chance it is an exploit I am reporting it.
It is also mighty irritating since I am running Python scripts that utilize bip-utils in parellel triggering huge amounts of pop ups and notifications from Bitlocker, so many that I run out of RAM because of the number of pop-ups. Below is some example code, I narrowed it down to lines of code that trigger this strange behavior.
The input of the test script is many lines with on each line a single mnemonic with words separated by pace. Save the script above as test_parallel_error.py and run it on any Windows Subsystems for Linux command shell to reproduce this behavior:
printf "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about" {1..800000} | parallel --pipe -j 8--blocksize 10000 --spreadstdin python test_parallel_error.py
It should trigger these popups as long as you have at least one drive connected that is locked and encrypted with Bitlocker. Bitlocker popups are however only the symptom, the real question is why any part of bip utils is trying to get access to the file system in the first place.
The text was updated successfully, but these errors were encountered: