elias_griffin, 7 months ago (edited 7 months ago)

This is super helpful, I may post this to infosec.exchange. Flathub makes this so much more difficult to find the reason for what looks like a real breach. I don’t use Flathub for security reasons so I don’t know if you can even isolate the PID? Anyone know?

I don’t want you to have to spend a lot of time or troubleshoot over the web but if you see anything that stands out as “wow shouldn’t be there/running” when you run these commands come back to us:

1. ps the PID of Signal or secondarily, Flathub
2. lsof -p PID
3. strace
   • sudo strace -f -t -e trace=file -p PID
4. sysctl kernel.randomize_va_space
   • pkill/killall Flathub/Signal and restart FH/Signal and see if it still presents the vulnerability