Merge pull request #5534 from Kixunil/admin-macaroon-group-read

Allow group reading admin macaroon
Oliver Gugger
2021-07-27 18:16:21 +02:00
committed by GitHub
2 changed files with 33 additions and 1 deletions


@@ -10,6 +10,19 @@
`lightning.proto`](https://github.com/lightningnetwork/lnd/pull/5473) to fix
a warning related to protobuf file name collisions.
## Security
### Admin macaroon permissions
The default file permissions of admin.macaroon were [changed from 0600 to
0640](https://github.com/lightningnetwork/lnd/pull/5534). This makes it easier
to allow other users to manage LND. This is safe on common Unix systems
because they always create a new group for each user.
If you use a strange system or changed group membership of the group running LND
you may want to check your system to see if it introduces additional risk for
you.
# Build System
* [A new pre-submit check has been
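Review bot: the sentence "This is safe on common Unix systems because they always create a new group for each user" overstates the guarantee and the note should say what the guarantee actually rests on. User-private groups are a distribution policy (USERGROUPS_ENAB in /etc/login.defs on shadow-utils systems), not a property of Unix; macOS, for example, puts every account into the shared `staff` group, and administrators can create accounts with `useradd -g` or `-N` into a shared group. Suggest replacing "always" with "typically" and telling operators how to check rather than only "check your system": `stat -c '%U:%G %a' ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon` and `getent group <group>` show whether anyone else is in the group that can now read the file. The note should also state that the new mode applies only to a newly created admin.macaroon, since the change sets the mode at creation time (see the `WriteFile` change in lnd.go) and does not touch files that already exist. Finally, the link points at this PR (#5534) itself; if that is intended as a self-reference it is fine, but a link to the permission discussion would be more useful to a reader.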
@@ -63,5 +76,6 @@ to make LNDs payment throughput (and latency) with better when using etcd.
# Contributors (Alphabetical Order)
* ErikEk
* Martin Habovstiak
* Zero-1729
* Oliver Gugger
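Review bot: the heading says "Contributors (Alphabetical Order)" but "Oliver Gugger" is appended after "Zero-1729"; it belongs between "Martin Habovstiak" and "Zero-1729".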

lnd.go

@@ -57,6 +57,22 @@ import (
"github.com/lightningnetwork/lnd/watchtower/wtdb"
)
const (
// adminMacaroonFilePermissions is the file permission that is used for
// creating the admin macaroon file.
//
// Why 640 is safe:
// Assuming a reasonably secure Linux system, it will have a
// separate group for each user. E.g. a new user lnd gets assigned group
// lnd which nothing else belongs to. A system that does not do this is
// inherently broken already.
//
// Since there is no other user in the group, no other user can read
// admin macaroon unless the administrator explicitly allowed it. Thus
// there's no harm allowing group read.
adminMacaroonFilePermissions = 0640
)
// AdminAuthOptions returns a list of DialOptions that can be used to
// authenticate with the RPC server with admin capabilities.
// skipMacaroons=true should be set if we don't want to include macaroons with
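Review bot: the comment on adminMacaroonFilePermissions argues from "A system that does not do this is inherently broken already", which dismisses real configurations instead of naming the assumption the constant depends on. Suggest stating it positively: the mode relies on lnd running under a dedicated account whose primary group has no other members (the user-private-group convention), and operators who run lnd under a shared group such as `users` or `staff` widen read access to the macaroon by exactly that group. Two smaller points: give the constant a type so the intent is visible at the declaration and it cannot silently be used as a plain int, e.g. `adminMacaroonFilePermissions os.FileMode = 0o640`, and mention that the effective mode is further masked by the process umask, so a restrictive umask (077) leaves the file at 0600 regardless of this constant.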
@@ -1256,7 +1272,9 @@ func genMacaroons(ctx context.Context, svc *macaroons.Service,
if err != nil {
return err
}
if err = ioutil.WriteFile(admFile, admBytes, 0600); err != nil {
err = ioutil.WriteFile(admFile, admBytes, adminMacaroonFilePermissions)
if err != nil {
_ = os.Remove(admFile)
return err
}
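Review bot: `ioutil.WriteFile` only passes the mode to `os.OpenFile` with O_CREATE, so adminMacaroonFilePermissions takes effect only when admin.macaroon does not yet exist; an existing file is truncated and rewritten with whatever mode it already has. If genMacaroons can be reached with an existing file, decide explicitly whether the old 0600 should be preserved (then this is fine and worth a one-line comment) or migrated (then an `os.Chmod(admFile, adminMacaroonFilePermissions)` after the successful write is needed). Either way the behaviour for pre-existing files should be stated next to the call, since the release note gives readers the impression that upgrading changes the permissions.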