mimblewimble/grin

Fence off txhashset validation in its own process

Open

#2741 opened on Apr 10, 2019

View on GitHub
 (11 comments) (0 reactions) (0 assignees)Rust (4,876 stars) (991 forks)batch import
enhancementhelp wanted

Description

When downloaded from the network on sync, a txhashset archive should be handled with more care than we do now, as it could be forged to mess things up in all sorts of ways. We should fence this off in a different process until the validation code is completely happy with what we were provided. Something like chroot, that limits the hard drive visibility of the forked process would also be great but may be hard to achieve across platforms.

Contributor guide

Tech stack
rust
Domain
backendsecurityperformance
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
over 1 week
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Basic Rust programmingProcess forking in Rustgrin codebase structure
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
25
Research direction
Examine the current txhashset validation code in the grin codebase (likely in src/core or src/sync). Investigate Rust's std::process API for spawning child processes. Research cross platform ways to limit file system access (e.g., using containers, seccomp, or platform specific chroot). Review the 11 comments in the issue for any design suggestions or blockers.