
Incorrect reporting in logs/db #32

Closed
Diesiel opened this issue Oct 26, 2023 · 2 comments

Diesiel commented Oct 26, 2023

Noticed a peculiarity RE: cmdline reporting in the db/logs.

For instance, running "curl https://google.com" will correctly report that exact command under the "cmdline" column.

Afterwards, if you attempt to run "curl https://facebook.com", for example, the db will again report "curl https://google.com" under the cmdline column.

Restarting the picosnitch service "fixes" the issue for the first command post-restart; all subsequent (unique) commands will have the same "cmdline" value as the first one.

"pcmdline" also exhibits some very strange (incorrect) reporting, but I don't have an exact understanding of what happens.

elesiuta (Owner) commented Oct 26, 2023

Thanks for the report!

The issue lies here, where the cmdline is cached along with the file descriptor for the executable based on its st_dev and st_ino, so that's why the cmdline stays the same; same goes for the parent (specifically fd_dict, where fd_dict[f"{st_dev} {st_ino}"] = (fd, fd_path, exe, cmd)).

A fix could be adding another function to lookup and cache the cmdline based solely on the pid instead.
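A minimal model of the caching problem described above and of the per-pid lookup proposed as the fix. This is an added illustration, not picosnitch's own code; the `Proc` records, the process table and the class names are constructed for the example.

```python
from collections import namedtuple

# Constructed process records standing in for what would be read from /proc.
Proc = namedtuple("Proc", "pid ppid st_dev st_ino exe cmdline")

# Two curl invocations share the same binary (same st_dev/st_ino) but
# carry different arguments; wget is a different inode.
SAMPLE_PROCS = [
    Proc(100, 1, 0x801, 4242, "/usr/bin/curl", "curl https://google.com"),
    Proc(101, 1, 0x801, 4242, "/usr/bin/curl", "curl https://facebook.com"),
    Proc(102, 1, 0x801, 9999, "/usr/bin/wget", "wget https://example.org"),
]


class InodeKeyedCache:
    """Buggy shape: cmdline is stored under the executable's (st_dev, st_ino),
    so every later process running the same binary reports the first cmdline."""

    def __init__(self):
        self.fd_dict = {}

    def lookup(self, proc):
        key = f"{proc.st_dev} {proc.st_ino}"
        if key not in self.fd_dict:
            # fd and fd_path are placeholders here; the real entry holds a
            # file descriptor for the executable (assumption for this model)
            self.fd_dict[key] = (None, None, proc.exe, proc.cmdline)
        _fd, _fd_path, exe, cmd = self.fd_dict[key]
        return exe, cmd


class PidKeyedCache:
    """Fixed shape: exe is still cached per inode (it cannot change for a
    given binary), but cmdline is looked up and cached per pid."""

    def __init__(self):
        self.exe_dict = {}
        self.cmd_dict = {}

    def lookup(self, proc):
        inode_key = f"{proc.st_dev} {proc.st_ino}"
        self.exe_dict.setdefault(inode_key, proc.exe)
        # pids are reused after exit, so a real cache should evict an entry
        # once the process is gone (a caveat of this model, not from the thread)
        self.cmd_dict.setdefault(proc.pid, proc.cmdline)
        return self.exe_dict[inode_key], self.cmd_dict[proc.pid]


def report(cache, procs=SAMPLE_PROCS):
    """Return the (exe, cmdline) rows a logger would write for each process."""
    return [cache.lookup(p) for p in procs]
```

Running `report(InodeKeyedCache())` reproduces the stale "curl https://google.com" row for the second curl, while `report(PidKeyedCache())` records each command as executed.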

elesiuta (Owner) commented

I just pushed a fix for this if you'd like to/are able to test it to see if it also fixes the strange reporting of pcmdline. Picosnitch just has the one source (.py) file so you can simply replace it on your system with the latest version, or run it from any other folder.

I'll probably create a new release sometime in the next few weeks or so.
