this post was submitted on 11 Dec 2025

cross-posted from: https://lemmy.blahaj.zone/post/35554467

⚠️ PSA for Bassin users:
A security issue was discovered and fixed in the latest Bassin app, but you're not safe until you update it.
Open the Umbrel App Store and update Bassin ASAP.

https://github.com/duckaxe/bassin/issues/23#issuecomment-3640779220

What happened? Bassin uses the ckPool container from hub.docker.com/r/pinkyswear/ckpool-solo - this is linked in the readme: duckaxe/bassin#repositories
Bassin itself does not set a payout address, which can be seen in the code: getumbrel/umbrel-apps@master/bassin/data/config/ckpool.conf.template
Does this mean that the ckPool image I used in Bassin hub.docker.com/r/pinkyswear/ckpool-solo is compromised?

Following a discussion on Discord, I can confirm that the ckPool Docker image I use for Bassin has been compromised.

Umbrel decided to make their own, legit Docker image at https://github.com/getumbrel/docker-ckpool-solo

https://github.com/getumbrel/umbrel-apps/pull/4230#issuecomment-3641463579

@duckaxe I have created a new ckpool Docker image under the @getumbrel org. It's a drop-in replacement for the existing image you're using. You can use it at ghcr.io/getumbrel/docker-ckpool-solo:590fb2a. It builds ckpool-solo from source at the commit 590fb2a, which is the current tip of the solobtc branch. (The last version tag is quite a few years old, so I presume this is what is considered the latest version.)
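
To check whether a compose file still pulls the compromised image under any spelling (with or without registry prefix, tag or digest), the following added example normalizes each `image:` reference before comparing. It is not code from the post, Bassin or Umbrel; the function names and the sample compose text are constructed for illustration.

```python
import re

# Image names taken from the post above.
COMPROMISED = {"docker.io/pinkyswear/ckpool-solo"}
REPLACEMENT = "ghcr.io/getumbrel/docker-ckpool-solo:590fb2a"

def normalize(ref):
    """Split a Docker image reference into (registry/repo, tag, digest)."""
    ref = ref.strip().strip("'\"")
    name, _, digest = ref.partition("@")
    # A colon after the last slash is a tag; an earlier one is a registry port.
    tag = ""
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    first, _, rest = name.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:
        registry, repo = "docker.io", name  # Docker Hub is the default registry
    if registry == "index.docker.io":
        registry = "docker.io"
    if registry == "docker.io" and "/" not in repo:
        repo = "library/" + repo  # official images live under library/
    if not tag and not digest:
        tag = "latest"
    return f"{registry}/{repo}".lower(), tag, digest

IMAGE_LINE = re.compile(r"^\s*image:\s*(\S+)", re.MULTILINE)

def audit(compose_text):
    """Return every image reference that resolves to a compromised repo."""
    return [ref for ref in IMAGE_LINE.findall(compose_text)
            if normalize(ref)[0] in COMPROMISED]

# Constructed sample, not the real Bassin compose file.
SAMPLE = """\
services:
  ckpool:
    image: pinkyswear/ckpool-solo:latest
  ckpool-alt:
    image: "index.docker.io/pinkyswear/ckpool-solo@sha256:0123abcd"
  ckpool-fixed:
    image: ghcr.io/getumbrel/docker-ckpool-solo:590fb2a
"""

if __name__ == "__main__":
    for ref in audit(SAMPLE):
        print(f"{ref}: compromised image, replace with {REPLACEMENT}")
```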
