Comments (7)
Okay, thank you for your response on this. I see your points and also agree that btc core can't and shouldn't deal with os related graphics peculiarities. Just from a UX/security perspective, I was a bit surprised about it when first encountered. Maybe it could be made optional at some point or a more verbose error message can be printed. In any case, no big issue. I'll close this!
If you're concerned about trusting binaries installed by your OS' package manager, consider Gentoo. But fundamentally, unless you bootstrap your own C compiler from assembly, you're going to have to trust at least a compiler binary and the env to execute it as your root.
from bitcoin.
It's easily fixed by installing it from the repositories (apt install libxcb-xinerama0), however, for a security conscious person this is a bit unsatisfying.
It is expected:
bitcoin/contrib/devtools/symbol-check.py
Line 125 in 43a66c5
from bitcoin.
@laanwj Does #29923 address this?
from bitcoin.
No. That just removes our need to compile all the libs. Everything in Qt is still loaded at runtime.
from bitcoin.
@nimrare The short answer here is that there is no way around trusting your operating system's libraries. Even if all userspace things would be statically linked, you're still relying on your kernel for example. And it turns out that for interacting with graphics subsystems of your operating system, dynamic libraries are practically the only solution, as statically-linked ones would pretty much only work on the exact system they were compiled for.
from bitcoin.
Potentially it could make the dependency on xcb-xinerama optional. There's only a few functions used from that library, for a specific purpose (multiple monitor support), if the library can't be loaded, it can be assumed that this functionality isn't needed. This does mean patching Qt though. Basically to set hasXinerama()
to be false in that case.
)i've handled the xcb/wayland switch in that way--if X libraries can't be found, don't exit, but fail loading the XCB platform and go on to the next one
Edit: But given that you've already had to install X libraries on your system to be able to use X in the first place, the additional security risk of installing another component is negligible, i don't think this is really a pressing issue.
from bitcoin.
@sipa @laanwj Okay, thank you for your response on this. I see your points and also agree that btc core can't and shouldn't deal with os related graphics peculiarities. Just from a UX/security perspective, I was a bit surprised about it when first encountered. Maybe it could be made optional at some point or a more verbose error message can be printed. In any case, no big issue. I'll close this!
from bitcoin.
Related Issues (20)
- Restore wallet taking forever to load HOT 2
- stringop-overflow warning with GCC 14 HOT 4
- Wrong block mined time in testnet HOT 1
- .
- dumpprivkey error HOT 2
- dumpprivkey error HOT 5
- .
- LevelDB error: Corruption: block checksum mismatch didn't trigger reindex. HOT 5
- bug: verify-binaries/verify.py incorrectly parses version string; gives error or downloads wrong files HOT 1
- Improve the bitcoin.conf instructions in init.md doc
- Log: "no wallet support compiled in" when i start bitcoind HOT 3
- LevelDB read failure: Corruption: block checksum mismatch HOT 13
- prune shall not delete blocks it did not download HOT 3
- "netinfo" doesn't show IPv6 "Local addresses" HOT 4
- fuzz, wallet_bdb_parser: BDB builtin encryption is not supported
- descriptor: Tapscript-specific Miniscript key serialization / parsing leads to fuzz timeouts
- Dewyboy
- Enable `importprivkey`, `addmultisigaddress` in descriptor wallets HOT 1
- Add "maxuploadtargettimeframe" to change the timeframe considered by "maxuploadtarget"
- show error "could not sign any more inputs" when sign PSBT for multisig
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bitcoin.