Issue Details

Number

20866

Title

Restrict RPCs that make server-side files

Description

Currently `dumpwallet` (and other RPCs that create server-side files) can scribble all over the file system, at least as the user running `bitcoind` permits. It would be better if these were at the least limited to the data directory, or even a specific directory within the data directory, say, `~/.bitcoin/dumpwallet`—to avoid name collisions with wallets, lock files and database files. Overwriting is already prevented. (Issue originally reported by Florian Mathieu)

URL

https://github.com/bitcoin/bitcoin/issue/20866

Closed by

Notes

Attention of

Kill Factor (1-10)

Save

Back to List