Google Chrome as Root - The Revenge

Under development: PCMCIA, wireless, etc.
Message
Author
psfal
Posts: 7
Joined: Wed 24 Jul 2013, 04:02

#21 Post by psfal »

I tried, some of the code must be missing, I'm not a nuts & bolts guy, so if something else is needed to run those commands, I don't know what it is

psfal
Posts: 7
Joined: Wed 24 Jul 2013, 04:02

#22 Post by psfal »

@Semme, I am trying Fatdog, it's being vague, and actually minus the chromium "run as root" issue, Puppy is more cooperative with much more available software...

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#23 Post by disciple »

Iguleder wrote:I was able to get rid of the warning message in the vanilla ROX-Filer this way, too. I just had to override getgid instead of geteuid.
Weird - here I need to override geteuid for Rox. Perhaps it was Chrome that needed getgid?
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#24 Post by greengeek »

Iguleder wrote:I think we could use it for stubborn applications that don't like being executed as root.

This could be sort of a de-sudo :lol:
Or maybe a "sudon't" ...
:P

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#25 Post by disciple »

disciple wrote:
Iguleder wrote:I was able to get rid of the warning message in the vanilla ROX-Filer this way, too. I just had to override getgid instead of geteuid.
Weird - here I need to override geteuid for Rox.
Note that there are adverse effects with rox - it means when you open a terminal from rox it doesn't have root permissions.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#26 Post by disciple »

FWIW I can also get rid of an offensive running as root warning in mousepad by overriding geteuid. But it causes this error message, although I don't know what actual adverse effects there are:

Code: Select all

Mousepad-Message: Failed to connect to the D-BUS session bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

User avatar
technosaurus
Posts: 4853
Joined: Mon 19 May 2008, 01:24
Location: Blue Springs, MO
Contact:

#27 Post by technosaurus »

I had done something similar but figured out that if you are careful and replace N characters with N characters (otherwise you mess up the GOT), you can use sed to change the binary itself ...

Code: Select all

sed -i "s/getuid/getpid/g" bin_or_lib_file
sed -i "s/geteuid/getppid/g" bin_or_lib_file
... but this may be against EULA
Check out my [url=https://github.com/technosaurus]github repositories[/url]. I may eventually get around to updating my [url=http://bashismal.blogspot.com]blogspot[/url].

User avatar
Direxion
Posts: 2
Joined: Wed 25 Jan 2012, 01:26
Location: North Texas

Thanks

#28 Post by Direxion »

Thanks! I also got the "can't run as root" message after installing Chrome (Version 31.0.1650.48) and the puppy-gc-001 pet worked. However I did have to modify /usr/bin/puppy-chrome line 3 to "google chrome-stable" to match the package. So far Chrome seems to be running fine however after launching I did get this:

http://i783.photobucket.com/albums/yy11 ... re1053.png

which apparently means that Chrome will not be able to update. I probably won't use it then for very long but it was a fun exercise.

User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#29 Post by Mike Walsh »

Thanks for this, iguleder. Still works perfectly.....and even better now that peebee's converted 'libpuppygc.so' to 64-bit.

Current 64-bit Chrome works a treat with this...and I shall know exactly what to do with future Iron and SlimJet builds, when they begin basing them on Chrome 56 or later.

(*Take that, Google...!*) Nice one.

Many, many thanks. Cheers!


Mike. :D :wink:

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#30 Post by slavvo67 »

How do you amend this for another application, such as Iron?

Also, I tried to package the puppy-chrome pet with a downloaded chrome but when I installed the combined pet, I received the running as root error.... Do you know of a way to overcome this or does Chrome need to be packages separately from your pet in order for the Chrome as Root to work? The reasoning behind trying to package together is for easier install via WoofQ.

Thanks,

Slavvo67

User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#31 Post by Mike Walsh »

Hi, slavvo.

It's not hard. I've just done it with 64-bit Iron 56.0.2959.0, released just the other day. I had a look at peebee's Chromium build, after Micko had tipped us off to this workaround of Iggy's, and 'borrowed' his 64-bit version of 'libpuppygc.so'. He wasn't bothered, in fact he said he expected me to! :lol:

Libpuppygc.so goes in the Iron directory. Then you add 'LD_PRELOAD="/opt/iron/libpuppygc.so" to the start of the exec line in the wrapper script. (It's /opt in this case, because that's where I put the Iron directory in my builds.)

(Just replace /opt with the location for your Iron directory. It should still work. You don't need the full contents of Iggy's .pet; just the 'libpuppygc.so' module. The 'LD_PRELOAD' bit goes at the start of the wrapper's exec line.)

Like this:-

Code: Select all

LD_PRELOAD="/opt/iron/libpuppygc.so" exec -a "$0" /opt/iron/chrome --user-data-dir=/root/.config/iron --disable-infobars "$@"
That works for the 64-bit versions. However, try as I might, it will not work for the 32-bit version of Iron. Previous versions to 56, of course, don't need it.

As far as I can tell, SRWare have coded the 32-bit version differently, somehow.....but I'm hanged if I can figure out a way round it yet.


Mike. :wink:

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#32 Post by OscarTalks »

Hi Mike,

Thought I would take a look at 32bit Iron 56 and I found that the library was refusing to preload for some reason. Couldn't think of anything further to try but just went on tinkering for a bit and decided to try Vivaldi to make a comparison. That seemed OK. Then went back to Iron and found it was working.

The only thing I think I had changed was that I had run strip --strip-unneeded on the Iguleder library because I noticed that I had not done that when I compiled it. It is only tiny anyway and I have never known a library not work if it is not stripped, but maybe preloading is different from just loading as a dynamic runtime library. Anyway, give that a try (if yours is not stripped) and see if it makes a difference for you. Perhaps I made some other change which I have forgotten but I don't think so.
EDIT:- When I tried putting the not-stripped lib back in it still worked so I am mystified.

The warnings in terminal seem to suggest that running as root while pretending not to be root is confusing poor old DBus (which needs to know where its HOME is I think). Not a major problem but perhaps someone can think of a way round this. Also this method produces warnings that the setuid sandbox is not running as root when in fact it is. At least it is running though. With this method available, users have the option to easily choose between running this way or just disabling all sandboxing and having the terminal less verbose.
Oscar in England
Image

User avatar
666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

#33 Post by 666philb »

barry k added the 'bbe' utlility to the ubuntu pups that allows you to edit the binary and remove the root warning. this might work for the 32bit iron https://linux.die.net/man/1/bbe

here's a small script.

Code: Select all

#!/bin/sh
if [ -f /usr/bin/bbe ];then
if [ -f "$@"  ];then
bbe -e 's/geteuid/getppid/' "$@" > /tmp/antiroot-temp1
mv -f /tmp/antiroot-temp1  "$@"
chmod 755 "$@"
fi
fi
just make the script executable and then drop the binary onto it.
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#34 Post by OscarTalks »

Hello Phil,

Thanks for this. On initial testing with Iron 56 it seems to be working better than the preloaded library method. There is no DBus warning and no setuid sandbox warning in terminal. The SUID sandbox is showing as active, I can remove the --no-sandbox and --disable-infobars switches from the wrapper script. What I did was run the bbe edit from your script on the binary and replaced the old binary with the edited one in my package. Testing was done in Wheezy, (32bit obviously) with kernel 3.5.2 but will test other Chromium derivatives and other Puppies over time.
Oscar in England
Image

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#35 Post by slavvo67 »

The more explanations, the more I get frustrated. Now I know how the new users feel. :roll:

I'll stick with what I have for now.... Can't believe how angry I was getting over this.... It's not even that important as you can always patch security and run older version for years....

Have a script to combine debs. This is not a problem the menu entries sometimes show up; sometimes not.

Posted a 64bit Open Office Pet under Puppy Derivatives Section --> RU Xerus 64.

Plan on getting you a script posted here to automate most of the packaging.

Dry Falls
Posts: 616
Joined: Tue 16 Dec 2014, 23:37
Location: Upper Columbia

#36 Post by Dry Falls »

Mike Walsh wrote:Thanks for this, iguleder. Still works perfectly.....and even better now that peebee's converted 'libpuppygc.so' to 64-bit.
So where does one find the 64-bit version?
df

User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#37 Post by Mike Walsh »

Hi, Dry Falls.

TBH, it hasn't been made 'available' as such. Peebee re-compiled it for 64-bit ; my compiling skills are abysmal, so I d/l'ed one of peebee's Chromium SFS packages and, er, 'borrowed' it. I told peebee what I'd done.....he said he half expected me to do just that..! Image

I think peebee, like Oscar, has moved on to using Phil B's 'bbe' workaround, as detailed a few posts back. It's all in aid of not only allowing 'running as root', but also retaining as much of the browser 'sandboxing' as possible. I've continued to use 'libpuppygc.so', since Iguleder originally developed it for Chrome; Chromium was the only other option at that time, I believe. SlimJet is a recent development, and it's only recently that Iron has caught up with the pack, and started to use the modern Chromium's 'guts' instead.

If you want to give it a try, you can find it at my MediaFire a/c, here:-

https://www.mediafire.com/folder/4tyhv0 ... Libpuppygc

Help yourself to the version you want. Just follow the instructions as given at the top of this page; place the lib inside the Chrome directory, then modify the wrapper script as detailed.

Let us know how you get on with it, please. It definitely works in the 64-bit builds, although I may start experimenting with the 'bbe' thingy myself.....just to see what happens, like!


Mike. :wink:

Dry Falls
Posts: 616
Joined: Tue 16 Dec 2014, 23:37
Location: Upper Columbia

#38 Post by Dry Falls »

Thanks Mike. This is the first time I've been able to download anything from mediafire. Not sure what might have been the problem before. I played some with the bbe script and successfully got rid of the offensive message ("running as root is known in the state of California to promote birth defects" or something of the sort). Doesn't work with dolphin, however, which in it's latest incarnation, will not even open as root. In this wonderful culture of paranoia, the programs have root privileges but root doesn't! go figure.

For chrome/chromium, prefacing the exec with "run-as-spot" works just fine. The latest script from fatdog is much improved.

Anyway, thanks again,

df

Post Reply