Unlimited scanning of /proc/*/cmdline causes millions of AppArmor violations #101

Open
unpick opened this issue Jul 7, 2024 · 0 comments

unpick commented Jul 7, 2024

The Linux process detection code does not check if reads of /proc/*/cmdline fail. Under Ubuntu, when a program is distributed as a snap, by default it is not allowed to read /proc/*/cmdline. The result is that each time getProcesses() is called, it generates a separate security error in /var/log/syslog for each currently running process.

(The volume of error log entries is so high that it effectively DoSes syslogd, which drops a lot of the messages on the floor. This not only creates a lot of system load, it could result in actual security-related log messages being lost.)

When running ArmCord, by the time I realised what was going on there were over 400,000 log entries, and the syslog was more than 100 times larger than normal. The ticket for that bug is here.

Steps to reproduce:

  1. On Ubuntu 22.04, run snap install armcord
  2. Run tail -f /var/log/syslog
  3. Start armcord
  4. Observe errors in syslog

Resolution:

arRPC should check if these reads fail. It can test by trying to read /proc/1/cmdline, since process 1 always exists (and is never a game that arRPC might be interested in); if this read fails, there is no point trying the other hundreds of PIDs. This is a simple minimal fix and would address the DoS issue.

A more complete solution would use this failure as an indication that arRPC cannot fulfil its purpose on this system as configured, and have it exit in a way that its caller would know what had happened (and could suggest a resolution to the user).
