lsaa / ddstats-rust

based on https://github.com/alexwilkerson/ddstats-go but its on rust and runs on linux

Alternatives to CAP_SYS_PTRACE #26

Open rpdelaney opened 1 year ago

rpdelaney commented 1 year ago

The linux_install script grants CAP_SYS_PTRACE to ddstats-rust. This is a very powerful capability, granting the privilege to trace any process on the system:

CAP_SYS_PTRACE
              •  Trace arbitrary processes using [ptrace(2)](https://man7.org/linux/man-pages/man2/ptrace.2.html);
              •  apply [get_robust_list(2)](https://man7.org/linux/man-pages/man2/get_robust_list.2.html) to arbitrary processes;
              •  transfer data to or from the memory of arbitrary
                 processes using [process_vm_readv(2)](https://man7.org/linux/man-pages/man2/process_vm_readv.2.html) and
                 [process_vm_writev(2)](https://man7.org/linux/man-pages/man2/process_vm_writev.2.html);
              •  inspect processes using [kcmp(2)](https://man7.org/linux/man-pages/man2/kcmp.2.html).

This makes ddstats-rust a large surface for supply chain attacks, since it can e.g. extract keys from password managers and so on.

Some game addons, such as mangohud work by launching the game as a subprocess. For instance, one can launch mangohud with steam devil daggers by setting launch options to mangohud %command%. This allows the parent process to draw an overlay without exposing everything on the system.

lsaa commented 1 year ago

this is actually an option if you enable "linux_restart_as_child" in the config

https://github.com/lsaa/ddstats-rust/blob/9adee20beaf11cc2b589c2714e53e5bfb8acf323/default_cfg.ron#L56

Implementation: https://github.com/lsaa/ddcore-rs/blob/08e0b9adc719fde6b1e34c6a0e8f5bffa43d20af/src/memory/mod.rs#L538

lsaa commented 1 year ago

basically if it finds a dd process that's not a child it will kill it and try to start it as a child. It's not ideal and the implementation is terrible.
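What running the game as a child actually buys, as an added example that is not ddcore-rs or ddstats-rust code: the kernel gates PTRACE_ATTACH, process_vm_readv(2) and reads of /proc/&lt;pid&gt;/mem with the same access check, and under Yama's ptrace_scope=1 (the default on most distributions) that check passes for a same-uid ancestor of the target without any capability. The program spawns `sleep` as a stand-in for the game and reads the ELF magic from the child's executable mapping; the use of `sleep`, the /proc layout and all function names are assumptions of this example.

```rust
// Added example, not ddcore-rs or ddstats-rust code: read memory of a child
// process from its parent without CAP_SYS_PTRACE, the relationship that the
// "run the game as a child" approach relies on.
use std::fs::File;
use std::io::{Read, Seek, SeekFrom};
use std::process::{Command, Stdio};

/// One parsed line of /proc/<pid>/maps.
#[derive(Debug, PartialEq)]
pub struct MapRegion {
    pub start: u64,
    pub end: u64,
    pub perms: String,
    pub path: String,
}

/// Parse one maps line, e.g.
/// "55d1c0000000-55d1c0021000 r--p 00000000 08:01 1234 /usr/bin/sleep".
/// Anonymous mappings have an empty path.
pub fn parse_maps_line(line: &str) -> Option<MapRegion> {
    let mut fields = line.split_whitespace();
    let range = fields.next()?;
    let perms = fields.next()?.to_string();
    let (s, e) = range.split_once('-')?;
    let start = u64::from_str_radix(s, 16).ok()?;
    let end = u64::from_str_radix(e, 16).ok()?;
    // Skip offset, device and inode; whatever remains is the path.
    for _ in 0..3 {
        fields.next()?;
    }
    let path = fields.collect::<Vec<_>>().join(" ");
    Some(MapRegion { start, end, perms, path })
}

/// The first readable, file-backed region. /proc/<pid>/maps is sorted by
/// address, so this is normally the first segment of the main executable.
pub fn first_file_backed(maps: &str) -> Option<MapRegion> {
    maps.lines()
        .filter_map(parse_maps_line)
        .find(|r| r.perms.starts_with('r') && r.path.starts_with('/'))
}

/// Yama's ptrace_scope: 0 = any same-uid process, 1 = descendants only (the
/// common default), 2 = CAP_SYS_PTRACE required, 3 = no attach at all.
pub fn yama_ptrace_scope() -> Option<u8> {
    std::fs::read_to_string("/proc/sys/kernel/yama/ptrace_scope")
        .ok()?
        .trim()
        .parse()
        .ok()
}

/// Read `len` bytes at `addr` from process `pid` through /proc/<pid>/mem.
/// The kernel applies the same PTRACE_MODE_ATTACH check as ptrace(2), so a
/// same-uid ancestor passes under scope 0 or 1 without any capability.
pub fn read_process_memory(pid: u32, addr: u64, len: usize) -> std::io::Result<Vec<u8>> {
    let mut mem = File::open(format!("/proc/{pid}/mem"))?;
    mem.seek(SeekFrom::Start(addr))?;
    let mut buf = vec![0u8; len];
    mem.read_exact(&mut buf)?;
    Ok(buf)
}

fn main() -> std::io::Result<()> {
    println!("yama ptrace_scope: {:?}", yama_ptrace_scope());
    // Stand-in for the game (assumption of this example): a process this
    // binary spawned itself, so it is our descendant.
    let mut child = Command::new("sleep").arg("5").stdout(Stdio::null()).spawn()?;
    let pid = child.id();
    let maps = std::fs::read_to_string(format!("/proc/{pid}/maps"))?;
    let region = first_file_backed(&maps).expect("no file-backed mapping found");
    let bytes = read_process_memory(pid, region.start, 4)?;
    println!("pid {pid}, {} at {:#x}: {:02x?}", region.path, region.start, bytes);
    // The executable's first segment starts with the ELF magic.
    assert_eq!(bytes, b"\x7fELF");
    child.kill()?;
    child.wait()?;
    Ok(())
}
```

Under ptrace_scope=2 the same read fails with EPERM unless the reader holds CAP_SYS_PTRACE, so a child-based design degrades into a clean error instead of silently widening what the tool can reach; the same access rule is why a separately started game process cannot be read without the capability.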

rpdelaney commented 1 year ago

Okay. Since SYS_PTRACE arguably breaks the security model of the whole O/S, of the two options, any implementation like you describe seems preferable -- at least, on paper. I'll give it a shot and report back. Thanks.

By the way, can I ask why we kill the other process? Dying with an error seems preferable to risking mayhem if it misfires.

lsaa commented 1 year ago

iirc the steam DRM doesn't let you start another process as a child if the game is open already

rpdelaney commented 9 months ago

My idea is to start it as one does with mangohud or gamemode using steam launch options. So when I click on devildaggers on steam, ddstats launches first, and then it launches the game.

lsaa commented 9 months ago

> My idea is to start it as one does with mangohud or gamemode using steam launch options. So when I click on devildaggers on steam, ddstats launches first, and then it launches the game.

this would work but I have a few concerns:

  1. The UI probably wouldn't work: The process would be spawned without an actual terminal from the steam interface; you can most likely do a workaround here by having the launch options be something like:

konsole -c "ddstats-rust-bootstrap %command%"

this would create a new console emulator window and execute a bootstrap script which would open the game.

  2. Windowing: Spawning a process like that from a terminal would cause the terminal to be swallowed by the game in many window managers (including mine); this would make the UI inaccessible until the game is closed. In many window managers you'd have to go to the configuration file and add an exception to make sure devil daggers can't swallow a terminal.

  3. It would always be on: Many players like turning off ddstats mid-session for one reason or another, be it playing custom spawnsets without notifying the servers or whatever reason they have.

lsaa commented 6 months ago

> My idea is to start it as one does with mangohud or gamemode using steam launch options. So when I click on devildaggers on steam, ddstats launches first, and then it launches the game.

ok I think I can make something exclusive for linux where you have a reader binary that you always add to the command path in steam (to make devildaggers a child process of it) and have the main TUI app connect to that through a socket instead of debugging the game itself.
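The reader/TUI split sketched in the comment above, as an added example that is not ddcore-rs or ddstats-rust code: a small reader binary owns the game process (it would be the one named in the Steam launch options, so the game is its child) and serves stats over a Unix domain socket, while the TUI is an ordinary unprivileged client. The frame fields, the wire format, the socket name and the directory layout are assumptions of this example.

```rust
// Added example, not ddcore-rs or ddstats-rust code: a privilege-separated
// layout where a small "reader" owns the game process and the TUI only ever
// talks to the reader over a Unix domain socket. Names are assumptions.
use std::io::{BufRead, BufReader, Write};
use std::os::unix::fs::DirBuilderExt;
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::Path;
use std::thread;

/// A stats frame the reader would fill from the game's memory. One line of
/// key=value pairs keeps the wire format trivial to parse on the TUI side.
#[derive(Debug, Clone, PartialEq)]
pub struct Frame {
    pub timer: f32,
    pub gems: u32,
}

pub fn encode_frame(f: &Frame) -> String {
    format!("timer={} gems={}\n", f.timer, f.gems)
}

/// Strict decoder: any unknown or missing field rejects the frame, so a
/// misbehaving reader cannot smuggle extra data past the TUI unnoticed.
pub fn decode_frame(line: &str) -> Option<Frame> {
    let mut timer: Option<f32> = None;
    let mut gems: Option<u32> = None;
    for kv in line.split_whitespace() {
        let (k, v) = kv.split_once('=')?;
        match k {
            "timer" => timer = v.parse().ok(),
            "gems" => gems = v.parse().ok(),
            _ => return None,
        }
    }
    Some(Frame { timer: timer?, gems: gems? })
}

/// Reader side: the socket lives in a freshly created 0700 directory, so only
/// the owning user can connect. Creating the directory first avoids the window
/// between bind() and a later chmod() in which anyone could connect.
pub fn bind_reader(dir: &Path) -> std::io::Result<UnixListener> {
    std::fs::DirBuilder::new().mode(0o700).create(dir)?;
    UnixListener::bind(dir.join("reader.sock"))
}

/// Reader side: answer the first connection with one frame and return.
pub fn serve_once(listener: &UnixListener, frame: &Frame) -> std::io::Result<()> {
    let (mut conn, _) = listener.accept()?;
    conn.write_all(encode_frame(frame).as_bytes())
}

/// TUI side: connect and read one frame. The TUI never touches the game's
/// memory, so it needs no ptrace access and no capability at all.
pub fn fetch_frame(dir: &Path) -> std::io::Result<Frame> {
    let stream = UnixStream::connect(dir.join("reader.sock"))?;
    let mut line = String::new();
    BufReader::new(stream).read_line(&mut line)?;
    decode_frame(&line)
        .ok_or_else(|| std::io::Error::new(std::io::ErrorKind::InvalidData, "malformed frame"))
}

/// Run both halves in one process for demonstration; in the real split the
/// reader and the TUI are separate binaries.
pub fn demo(dir: &Path) -> std::io::Result<Frame> {
    let listener = bind_reader(dir)?;
    let sample = Frame { timer: 12.5, gems: 3 }; // constructed sample frame
    let reader = thread::spawn(move || serve_once(&listener, &sample));
    let got = fetch_frame(dir)?;
    reader.join().expect("reader thread panicked")?;
    let _ = std::fs::remove_dir_all(dir);
    Ok(got)
}

fn main() -> std::io::Result<()> {
    let dir = std::env::temp_dir().join(format!("ddstats-reader-{}", std::process::id()));
    println!("{:?}", demo(&dir)?);
    Ok(())
}
```

With this split only the reader ever needs memory access to the game, and it gets that purely from being the game's parent; the TUI can be closed and restarted mid-session without touching the game process, which is the "always on" concern from the earlier comment.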

rpdelaney commented 4 months ago

Let me know if I can help in any way; testing or whatever else :)