Google Chrome as Root - The Revenge

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#1 Post by Iguleder »

Here's something I just wrote.

It's a simple launcher for Google Chrome that tricks it into thinking you're not root, so it lets you run it even if you're root.

In order to use it, install the package and use "puppy-chrome" instead of "google-chrome" in order to run Chrome.

There are two reasons why I wrote it:
1) Freedom! It's MY computer and I'll do whatever I want, no matter if Google doesn't want me to.
2) If we want to build PET packages out of Google's official binary package (which has the updater), we can do this without having to patch the Chrome binary or edit any files (using conventional tools like sed).

How it Works

It's simple, very simple. I executed Google Chrome with strace (a tool which lists calls to system calls) to find out which system calls it uses to find out who's the user who executed it.

I assumed the name of the function it uses starts with "get":

Code:

strace -q -c google-chrome 2>&1 | grep get

Here's the output, which doesn't mean much:
-nan 0.000000 0 1 getpid
-nan 0.000000 0 1 getppid
-nan 0.000000 0 1 getpgrp
-nan 0.000000 0 38 gettimeofday
-nan 0.000000 0 2 getdents
-nan 0.000000 0 1 sched_getparam
-nan 0.000000 0 1 sched_getscheduler
-nan 0.000000 0 2 sched_get_priority_max
-nan 0.000000 0 1 sched_get_priority_min
-nan 0.000000 0 4 getrlimit
-nan 0.000000 0 7 getuid32
-nan 0.000000 0 5 getgid32
-nan 0.000000 0 6 geteuid32
-nan 0.000000 0 5 getegid32
-nan 0.000000 0 1 getresuid32
-nan 0.000000 0 1 getresgid32
-nan 0.000000 0 14 getdents64
-nan 0.000000 0 1 gettid
-nan 0.000000 0 1 clock_gettime
-nan 0.000000 0 1 clock_getres
-nan 0.000000 0 1 getpeername
-nan 0.000000 0 1 shmget

I decided to dive into the source code and found something interesting: this, the wonderful moment when the code that checks whether you're root was added to Chromium.

These two lines tell us everything we need to know:

Code:

void BrowserMainPartsGtk::DetectRunningAsRoot() {
	if (geteuid() == 0) {

They say Google Chrome runs a function called DetectRunningAsRoot in order to detect whether it's running as root and that function uses geteuid for that.

I wrote a simple library that implements a fake geteuid that never returns 0 (which is root's user ID, always). That's how Chrome detects whether it's root, of course.

Here's the library code:

Code:

#include <sys/types.h>
#include <unistd.h>

/* a fake UID; root's UID is always 0 and that's how Chrome finds out who we
 * are */
#define FAKE_UID (1)

/* a fake geteuid() function that returns the fake UID instead of root's one;
 * the signature matches the declaration in unistd.h */
uid_t geteuid(void) {
	return FAKE_UID;
}

To build it, use this:

Code:

gcc -shared -o libpuppygc.so libpuppygc.c

This library needs to get loaded into Google Chrome, so it overrides the legitimate geteuid and therefore tricks Google Chrome. That's where LD_PRELOAD aids us.

The LD_PRELOAD environment variable contains a list of libraries that are loaded into any process executed; in this case, we force Google Chrome to run with our evil library loaded into it, which overrides the C library's geteuid().

And if you wondered, that's what puppy-chrome does, of course:

Code:

LD_PRELOAD="/usr/lib/libpuppygc.so" google-chrome

A very simple approach can be used against any application that hates root - I was able to get rid of the warning message in the vanilla ROX-Filer this way, too. I just had to override getgid instead of geteuid.
Attachments
puppy-gc-001.pet
(1.59 KiB) Downloaded 2746 times
My homepage: http://dimakrasner.com/
My GitHub profile: https://github.com/dimkr
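
The other side of the trick in post #1, as an added example that is not part of the original thread: a program can notice a geteuid() override by comparing the libc symbol with the raw system call, and can check whether LD_PRELOAD names any libraries. The function names (kernel_euid, euid_is_interposed, preload_entries) are made up for this illustration.

```c
/* Added example: detect a preloaded geteuid() override from inside a process. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective UID straight from the kernel. This bypasses the geteuid() symbol,
 * so a library that only defines geteuid() cannot change the answer (one that
 * also interposes syscall() could). */
static uid_t kernel_euid(void) {
#ifdef SYS_geteuid32
	return (uid_t)syscall(SYS_geteuid32); /* 32-bit ABIs: the geteuid32 seen in strace */
#else
	return (uid_t)syscall(SYS_geteuid);
#endif
}

/* 1 if the geteuid() this process resolved disagrees with the kernel. */
int euid_is_interposed(void) {
	return geteuid() != kernel_euid();
}

/* Count entries in an LD_PRELOAD-style list; ld.so accepts spaces or colons
 * as separators. NULL or an empty list means nothing was requested. */
int preload_entries(const char *list) {
	int n = 0;
	while (list != NULL && *list != '\0') {
		size_t len = strcspn(list, " :");
		if (len > 0)
			n++;
		list += len;
		list += strspn(list, " :");
	}
	return n;
}

int main(void) {
	printf("libc geteuid(): %u, kernel: %u, interposed: %s\n",
	       (unsigned)geteuid(), (unsigned)kernel_euid(),
	       euid_is_interposed() ? "yes" : "no");
	printf("LD_PRELOAD entries: %d\n", preload_entries(getenv("LD_PRELOAD")));
	return 0;
}
```

Run as root under the launcher from post #1 (LD_PRELOAD="/usr/lib/libpuppygc.so"), it reports the mismatch, because the library replaces only the geteuid() symbol and not the system call behind it.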

tronkel
Posts: 1116
Joined: Fri 30 Sep 2005, 11:27
Location: Vienna Austria

#2 Post by tronkel »

@iguleder

Good detective work! I'm going to try it right now.

Thanks

Tronkel
Life is too short to spend it in front of a computer

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#3 Post by Iguleder »

Forgot to mention, I used it against the 32-bit DEB from here.

tronkel
Posts: 1116
Joined: Fri 30 Sep 2005, 11:27
Location: Vienna Austria

#4 Post by tronkel »

@iguleder

Yes, works fine. Just tested it in Puppy 529 3-Headed-Dog

Google-Chrome will not start in the latest Wary 5.2 because of the different version of libc. Maybe Barry would take a look at this.

Could you please modify the pet for puppy-chrome to include a *desktop file sometime?

Thanks

Tronkel

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#5 Post by Iguleder »

I think I could extend this a bit and make it a bit smarter, by writing an executable which writes a copy of this library to /tmp, executes a given command line and deletes it.

I think we could use it for stubborn applications that don't like being executed as root.

This could be sort of a de-sudo :lol:

tronkel
Posts: 1116
Joined: Fri 30 Sep 2005, 11:27
Location: Vienna Austria

#6 Post by tronkel »

@iguleder

Who would have imagined that Puppy Linux would ever have needed something like a reverse sudo command. However, it only takes one major player with a popular app such as Google Chrome to warrant such a thing.

Your idea of an executable to call an executable using this library is interesting, even though not many Linux executables work like this - well, not yet anyway. A good thing to have available in Puppy - just in case it's ever needed.

So, presumably this executable would be supplied with a command-line argument i.e. the name of the program to be run. This argument would then get passed to your program, let it do its stuff in /tmp and then disappear. Good.

Best regards

Tronkel

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#7 Post by Lobster »

Ideas are the root of creation. :)
Ernest Dimnet
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

#8 Post by 666philb »

just tested it with the VLC portable from http://sourceforge.net/projects/portable/files/ something that wouldn't usually work if you are root, and it worked a treat!..... nice one Iguleder!!!!

Not sure how to implement this, but you could have something like the 'set icon' dialogue. where you start your 'antirootcheck' program, then drag and drop the offending and demanding binary onto it. And it creates a .desktop file and script for /usr/bin/ to start the obnoxious program!

happy time :D
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#9 Post by Iguleder »

Wow, great idea!

I remember I made a Skype PET that automatically adds a desktop icon - maybe we could take that code from there and make that icon run this thing with a parameter which contains a command line.

I'll think about it, maybe I'll even write this nice thing this weekend :)

ndujoe1
Posts: 851
Joined: Mon 05 Dec 2005, 01:06

Google Chrome with Lucid 5.25

#10 Post by ndujoe1 »

I downloaded Google Chrome and operate it with your pet. Sometimes it functions and then sometimes I get this message:

Your profile could not be opened properly.
Some features may be unavailable. Please check that the profile exists and you have permission to read and write.

In an attempt to rectify this I click Google preferences, and personal and sign it and accept its access.

Sometimes this works, sometimes I can't reach the Preferences page nor the tools page.

I am about ready to give up. The reason I prefer the original Google Chrome is because it allows me to read the Amazon books that I have in the cloud at
read.amazon.com

Any suggestions or what I may be doing wrong? Thanks.

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#11 Post by Iguleder »

It's kinda weird that it works only sometimes. Are you sure you're running only one copy? Maybe it locks the configuration or some cache files.

ndujoe1
Posts: 851
Joined: Mon 05 Dec 2005, 01:06

google chrome quirk

#12 Post by ndujoe1 »

Yep, I am only using one copy. Is there a debug section in Google Chrome that I could email to you to help diagnose the behaviour or paste it here if it's not too long?

soundNICK
Posts: 124
Joined: Wed 13 Oct 2010, 15:37

Re: Google Chrome as Root - The Revenge

#13 Post by soundNICK »

I've since seen somebody's Chrome for Linux...

so... this post is inaccurate
Last edited by soundNICK on Mon 29 Apr 2013, 08:48, edited 1 time in total.

soundNICK
Posts: 124
Joined: Wed 13 Oct 2010, 15:37

Re: Google Chrome as Root - The Revenge

#14 Post by soundNICK »

see above
Last edited by soundNICK on Mon 29 Apr 2013, 08:49, edited 4 times in total.

soundNICK
Posts: 124
Joined: Wed 13 Oct 2010, 15:37

Re: Google Chrome as Root - The Revenge

#15 Post by soundNICK »

ditto
Last edited by soundNICK on Mon 29 Apr 2013, 08:49, edited 1 time in total.

DanYHKim
Posts: 103
Joined: Mon 15 Sep 2008, 01:51

This is great! Works really well

#16 Post by DanYHKim »

I am running Lucid 5.2.8 on a Motion M1300 tablet. My wife wanted to be able to read Kindle books using their Cloud Reader in Chrome, but I couldn't make it work with a new Chrome install. It was driving me nuts.

(Needed a new install because the .pet for Chrome does not support offline reading)

Installed Chrome 25.0.1364172 (google-chrome-stable_current_i386.deb)
Installed puppy-gc-001.pet

Made relative symlink from /opt/google/chrome of "product_logo_48.png" to /usr/share/pixmaps

Made a script to put in /usr/bin called "chrome_noroot" that has:

Code:

#!/bin/sh
LD_PRELOAD="/usr/lib/libpuppygc.so" google-chrome

Made a .desktop file in /usr/share/applications called google-chrome.desktop that invokes the script in its "Exec=" line, and also assigned the product_logo_48.png file as its icon.

Also dragged this .desktop to the Desktop and assigned it the same icon.

Now, I can launch Chrome from the menu or from the desktop icon, and it will run the preload, then chrome. It takes a little time to load up, but afterwards it appears to run without problems.

Thank you so much for this contribution. I was at the end of my rope.

psfal
Posts: 7
Joined: Wed 24 Jul 2013, 04:02

#17 Post by psfal »

Command not found

Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#18 Post by Semme »

Psfal- I thought you said you'd try Fatdog?

Code:

google-chrome --user-data-dir "$@"

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#19 Post by disciple »

Neat. This could do with a wiki page listing offending applications that it works with (and any super offensive ones that it doesn't, if there are any) :)
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#20 Post by disciple »

Iguleder wrote: "I was able to get rid of the warning message in the vanilla ROX-Filer this way, too. I just had to override getgid instead of geteuid."

It looks (i.e. I tested that the programs start, but did not test all the features) like if you just override getuid() then you can use this to start bibledit as root, and to remove the warning message in the stock xsane.

I tried creating a single lib that overrides all three functions, and in the process demonstrated that there can be adverse effects: if geteuid is overridden then bibledit-gtk freezes on startup.
