Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 22 Aug 2017, 16:53
All times are UTC - 4
 Forum index » Advanced Topics » Cutting edge
Google Chrome as Root - The Revenge
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 3 of 3 [38 Posts]   Goto page: Previous 1, 2, 3
Author Message
Mike Walsh


Joined: 28 Jun 2014
Posts: 2847
Location: King's Lynn, UK.

PostPosted: Fri 17 Feb 2017, 08:43    Post subject:  

Hi, slavvo.

It's not hard. I've just done it with 64-bit Iron 56.0.2959.0, released just the other day. I had a look at peebee's Chromium build, after Micko had tipped us off to this workaround of Iggy's, and 'borrowed' his 64-bit version of 'libpuppygc.so'. He wasn't bothered, in fact he said he expected me to! Laughing

Libpuppygc.so goes in the Iron directory. Then you add 'LD_PRELOAD="/opt/iron/libpuppygc.so" to the start of the exec line in the wrapper script. (It's /opt in this case, because that's where I put the Iron directory in my builds.)

(Just replace /opt with the location for your Iron directory. It should still work. You don't need the full contents of Iggy's .pet; just the 'libpuppygc.so' module. The 'LD_PRELOAD' bit goes at the start of the wrapper's exec line.)

Like this:-

Code:
LD_PRELOAD="/opt/iron/libpuppygc.so" exec -a "$0" /opt/iron/chrome --user-data-dir=/root/.config/iron --disable-infobars "$@"


That works for the 64-bit versions. However, try as I might, it will not work for the 32-bit version of Iron. Previous versions to 56, of course, don't need it.

As far as I can tell, SRWare have coded the 32-bit version differently, somehow.....but I'm hanged if I can figure out a way round it yet.


Mike. Wink

_________________
If I've helped you.....please say 'Thanks'!
MY PUPPY PACKAGES
--------------------------------------

Back to top
View user's profile Send private message Visit poster's website 
OscarTalks


Joined: 05 Feb 2012
Posts: 1569
Location: London, England

PostPosted: Fri 17 Feb 2017, 11:04    Post subject:  

Hi Mike,

Thought I would take a look at 32bit Iron 56 and I found that the library was refusing to preload for some reason. Couldn't think of anything further to try but just went on tinkering for a bit and decided to try Vivaldi to make a comparison. That seemed OK. Then went back to Iron and found it was working.

The only thing I think I had changed was that I had run strip --strip-unneeded on the Iguleder library because I noticed that I had not done that when I compiled it. It is only tiny anyway and I have never known a library not work if it is not stripped, but maybe preloading is different from just loading as a dynamic runtime library. Anyway, give that a try (if yours is not stripped) and see if it makes a difference for you. Perhaps I made some other change which I have forgotten but I don't think so.
EDIT:- When I tried putting the not-stripped lib back in it still worked so I am mystified.

The warnings in terminal seem to suggest that running as root while pretending not to be root is confusing poor old DBus (which needs to know where its HOME is I think). Not a major problem but perhaps someone can think of a way round this. Also this method produces warnings that the setuid sandbox is not running as root when in fact it is. At least it is running though. With this method available, users have the option to easily choose between running this way or just disabling all sandboxing and having the terminal less verbose.

_________________
Oscar in England

Back to top
View user's profile Send private message 
666philb


Joined: 07 Feb 2010
Posts: 3094
Location: wales

PostPosted: Fri 17 Feb 2017, 16:48    Post subject:  

barry k added the 'bbe' utlility to the ubuntu pups that allows you to edit the binary and remove the root warning. this might work for the 32bit iron https://linux.die.net/man/1/bbe

here's a small script.

Code:
#!/bin/sh
if [ -f /usr/bin/bbe ];then
if [ -f "$@"  ];then
bbe -e 's/geteuid/getppid/' "$@" > /tmp/antiroot-temp1
mv -f /tmp/antiroot-temp1  "$@"
chmod 755 "$@"
fi
fi

just make the script executable and then drop the binary onto it.

_________________
Tahrpup, built with trusty tahr packages http://murga-linux.com/puppy/viewtopic.php?t=96178
Quickpet_Precise, install popular apps quickly http://www.murga-linux.com/puppy/viewtopic.php?t=83642
Back to top
View user's profile Send private message 
OscarTalks


Joined: 05 Feb 2012
Posts: 1569
Location: London, England

PostPosted: Fri 17 Feb 2017, 19:47    Post subject:  

Hello Phil,

Thanks for this. On initial testing with Iron 56 it seems to be working better than the preloaded library method. There is no DBus warning and no setuid sandbox warning in terminal. The SUID sandbox is showing as active, I can remove the --no-sandbox and --disable-infobars switches from the wrapper script. What I did was run the bbe edit from your script on the binary and replaced the old binary with the edited one in my package. Testing was done in Wheezy, (32bit obviously) with kernel 3.5.2 but will test other Chromium derivatives and other Puppies over time.

_________________
Oscar in England

Back to top
View user's profile Send private message 
slavvo67

Joined: 12 Oct 2012
Posts: 1421
Location: The other Mr. 305

PostPosted: Fri 17 Feb 2017, 22:14    Post subject:  

The more explanations, the more I get frustrated. Now I know how the new users feel. Rolling Eyes

I'll stick with what I have for now.... Can't believe how angry I was getting over this.... It's not even that important as you can always patch security and run older version for years....

Have a script to combine debs. This is not a problem the menu entries sometimes show up; sometimes not.

Posted a 64bit Open Office Pet under Puppy Derivatives Section --> RU Xerus 64.

Plan on getting you a script posted here to automate most of the packaging.
Back to top
View user's profile Send private message 
Dry Falls

Joined: 16 Dec 2014
Posts: 485
Location: Upper Columbia

PostPosted: Tue 23 May 2017, 14:48    Post subject:  

Mike Walsh wrote:
Thanks for this, iguleder. Still works perfectly.....and even better now that peebee's converted 'libpuppygc.so' to 64-bit.

So where does one find the 64-bit version?
df
Back to top
View user's profile Send private message 
Mike Walsh


Joined: 28 Jun 2014
Posts: 2847
Location: King's Lynn, UK.

PostPosted: Tue 23 May 2017, 17:06    Post subject:  

Hi, Dry Falls.

TBH, it hasn't been made 'available' as such. Peebee re-compiled it for 64-bit ; my compiling skills are abysmal, so I d/l'ed one of peebee's Chromium SFS packages and, er, 'borrowed' it. I told peebee what I'd done.....he said he half expected me to do just that..!

I think peebee, like Oscar, has moved on to using Phil B's 'bbe' workaround, as detailed a few posts back. It's all in aid of not only allowing 'running as root', but also retaining as much of the browser 'sandboxing' as possible. I've continued to use 'libpuppygc.so', since Iguleder originally developed it for Chrome; Chromium was the only other option at that time, I believe. SlimJet is a recent development, and it's only recently that Iron has caught up with the pack, and started to use the modern Chromium's 'guts' instead.

If you want to give it a try, you can find it at my MediaFire a/c, here:-

https://www.mediafire.com/folder/4tyhv03ekb042/Libpuppygc

Help yourself to the version you want. Just follow the instructions as given at the top of this page; place the lib inside the Chrome directory, then modify the wrapper script as detailed.

Let us know how you get on with it, please. It definitely works in the 64-bit builds, although I may start experimenting with the 'bbe' thingy myself.....just to see what happens, like!


Mike. Wink

_________________
If I've helped you.....please say 'Thanks'!
MY PUPPY PACKAGES
--------------------------------------

Back to top
View user's profile Send private message Visit poster's website 
Dry Falls

Joined: 16 Dec 2014
Posts: 485
Location: Upper Columbia

PostPosted: Wed 24 May 2017, 03:01    Post subject:  

Thanks Mike. This is the first time I've been able to download anything from mediafire. Not sure what might have been the problem before. I played some with the bbe script and successfully got rid of the offensive message ("running as root is known in the state of California to promote birth defects" or something of the sort). Doesn't work with dolphin, however, which in it's latest incarnation, will not even open as root. In this wonderful culture of paranoia, the programs have root privileges but root doesn't! go figure.

For chrome/chromium, prefacing the exec with "run-as-spot" works just fine. The latest script from fatdog is much improved.

Anyway, thanks again,

df
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 3 of 3 [38 Posts]   Goto page: Previous 1, 2, 3
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Cutting edge
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0631s ][ Queries: 14 (0.0132s) ][ GZIP on ]