Puppy Linux Discussion Forum
All times are UTC - 4
Google Chrome as Root - The Revenge
Page 1 of 2 [28 Posts]
Iguleder


Joined: 11 Aug 2009
Posts: 1890
Location: Israel, somewhere in the beautiful desert

Posted: Wed 19 Oct 2011, 11:54    Post subject: Google Chrome as Root - The Revenge
Subject description: A launcher that tricks Google Chrome
 

Here's something I just wrote.

It's a simple launcher for Google Chrome that tricks it into thinking you're not root, so it lets you run it even if you're root.

In order to use it, install the package and use "puppy-chrome" instead of "google-chrome" in order to run Chrome.

There are two reasons why I wrote it:
1) Freedom! It's MY computer and I'll do whatever I want, no matter if Google doesn't want me to.
2) If we want to build PET packages out of Google's official binary package (which has the updater), we can do this without having to patch the Chrome binary or edit any files (using conventional tools like sed).

How it Works

It's simple, very simple. I executed Google Chrome with strace (a tool which lists calls to system calls) to find out which system calls it uses to find out who's the user who executed it.

I assumed the name of the function it uses starts with "get":
Code:
strace -q -c google-chrome 2>&1 | grep get


Here's the output, which doesn't mean much:
Quote:
-nan 0.000000 0 1 getpid
-nan 0.000000 0 1 getppid
-nan 0.000000 0 1 getpgrp
-nan 0.000000 0 38 gettimeofday
-nan 0.000000 0 2 getdents
-nan 0.000000 0 1 sched_getparam
-nan 0.000000 0 1 sched_getscheduler
-nan 0.000000 0 2 sched_get_priority_max
-nan 0.000000 0 1 sched_get_priority_min
-nan 0.000000 0 4 getrlimit
-nan 0.000000 0 7 getuid32
-nan 0.000000 0 5 getgid32
-nan 0.000000 0 6 geteuid32
-nan 0.000000 0 5 getegid32
-nan 0.000000 0 1 getresuid32
-nan 0.000000 0 1 getresgid32
-nan 0.000000 0 14 getdents64
-nan 0.000000 0 1 gettid
-nan 0.000000 0 1 clock_gettime
-nan 0.000000 0 1 clock_getres
-nan 0.000000 0 1 getpeername
-nan 0.000000 0 1 shmget


I decided to dive into the source code and found something interesting: this, the wonderful moment when the code that checks whether you're root was added to Chromium.

These two lines tell us everything we need to know:
Code:
void BrowserMainPartsGtk::DetectRunningAsRoot() {
   if (geteuid() == 0) {


They say Google Chrome runs a function called DetectRunningAsRoot in order to detect whether it's running as root and that function uses geteuid for that.

I wrote a simple library that implements a fake geteuid that never returns 0 (which is always root's user ID). That's how Chrome detects whether it's root, of course.

Here's the library code:

Code:
#include <sys/types.h>

/* a fake UID; root's UID is always 0 and that's how Chrome finds out who we
 * are */
#define FAKE_UID (1)

/* a fake geteuid() function that returns the fake UID instead of root's one;
 * the signature matches the declaration in <unistd.h> */
uid_t geteuid(void) {
   return FAKE_UID;
}


To build it, use this:
Code:
gcc -shared -fPIC -o libpuppygc.so libpuppygc.c


This library needs to get loaded into Google Chrome, so it overrides the legitimate geteuid and therefore tricks Google Chrome. That's where LD_PRELOAD aids us.

The LD_PRELOAD environment variable contains a list of libraries that are loaded into any process executed; in this case, we force Google Chrome to run with our evil library loaded into it, which overrides the C library's geteuid().

And if you wondered, that's what puppy-chrome does, of course:
Code:
LD_PRELOAD="/usr/lib/libpuppygc.so" google-chrome


A very simple approach can be used against any application that hates root - I was able to get rid of the warning message in the vanilla ROX-Filer this way, too. I just had to override getgid instead of geteuid.
Attachment: puppy-gc-001.pet (pet, 1.59 KB, downloaded 1729 times)

_________________
My homepage
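
The check quoted in the post above calls geteuid() through libc, which is exactly the symbol the preloaded library replaces. As an added example (not code from the thread or from Chromium; the function names are illustrative), this C program reads the effective UID from the raw system call and from /proc/self/status, which a geteuid-only shim does not alter, and reports whether the libc answer disagrees.

```c
/* Added example, not code from the thread; function names are illustrative. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Ask the kernel directly, bypassing the libc geteuid() symbol that LD_PRELOAD
 * can replace. 32-bit x86 uses the *32 call seen in the strace output. */
long euid_from_syscall(void) {
#ifdef SYS_geteuid32
    return syscall(SYS_geteuid32);
#else
    return syscall(SYS_geteuid);
#endif
}

/* Extract the effective UID from text in /proc/<pid>/status format, where the
 * line reads "Uid:\treal\teffective\tsaved\tfs". Returns -1 if absent. */
long euid_from_status_text(const char *text) {
    const char *p = text;
    long ruid, euid;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%ld %ld", &ruid, &euid) == 2 ? euid : -1;
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Effective UID as recorded by the kernel for this process, or -1. */
long euid_from_proc(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return euid_from_status_text(buf);
}

/* 1 if the libc-level answer differs from the kernel's, else 0. */
int geteuid_is_interposed(void) { return (long)geteuid() != euid_from_syscall(); }

int main(void) {
    printf("libc=%ld syscall=%ld proc=%ld interposed=%d\n", (long)geteuid(),
           euid_from_syscall(), euid_from_proc(), geteuid_is_interposed());
    return 0;
}
```

A preload that also replaces syscall() or fopen() would defeat these reads too, so treat the result as a diagnostic, not a security boundary.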
tronkel


Joined: 30 Sep 2005
Posts: 1101
Location: Vienna Austria

Posted: Wed 19 Oct 2011, 12:08

@iguleder

Good detective work! I'm going to try it right now.

Thanks

Tronkel

_________________
Life is too short to spend it in front of a computer

Iguleder

Posted: Wed 19 Oct 2011, 12:15

Forgot to mention, I used it against the 32-bit DEB from here.

tronkel

Posted: Wed 19 Oct 2011, 13:53

@iguleder

Yes, works fine. Just tested it in Puppy 529 3-Headed-Dog

Google-Chrome will not start in the latest Wary 5.2 because of the different version of libc. Maybe Barry would take a look at this.

Could you please modify the pet for puppy-chrome to include a *desktop file sometime?

Thanks

Tronkel

Iguleder

Posted: Wed 19 Oct 2011, 14:31

I think I could extend this a bit and make it a bit smarter, by writing an executable which writes a copy of this library to /tmp, executes a given command line and deletes it.

I think we could use it for stubborn applications that don't like being executed as root.

This could be sort of a de-sudo :lol:

tronkel

Posted: Wed 19 Oct 2011, 14:48

@iguleder

Who would have imagined that Puppy Linux would ever have needed something like a reverse sudo command. However, it only takes one major player with a popular app such as Google Chrome to warrant such a thing.

Your idea of an executable to call an executable using this library is interesting, even though not many Linux executables work like this - well, not yet anyway. A good thing to have available in Puppy - just in case it's ever needed.

So, presumably this executable would be supplied with a command-line argument i.e. the name of the program to be run. This argument would then get passed to your program, let it do its stuff in /tmp and then disappear. Good.

Best regards

Tronkel

Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Wed 19 Oct 2011, 19:45

Ideas are the root of creation. :)
Ernest Dimnet

_________________
Puppy WIKI

666philb


Joined: 07 Feb 2010
Posts: 1663
Location: wales

Posted: Wed 19 Oct 2011, 20:27

just tested it with the VLC portable from http://sourceforge.net/projects/portable/files/ something that wouldn't usually work if you are root, and it worked a treat!..... nice one Iguleder!!!!

Not sure how to implement this, but you could have something like the 'set icon' dialogue. where you start your 'antirootcheck' program, then drag and drop the offending and demanding binary onto it. And it creates a .desktop file and script for /usr/bin/ to start the obnoxious program!

happy time :D

_________________
Quickpet_Precise, install popular apps quickly http://www.murga-linux.com/puppy/viewtopic.php?t=83642
LÖVE2d, a collection of 27 lua games http://www.murga-linux.com/puppy/viewtopic.php?t=76739

Iguleder

Posted: Thu 20 Oct 2011, 03:12

Wow, great idea!

I remember I made a Skype PET that automatically adds a desktop icon - maybe we could take that code from there and make that icon run this thing with a parameter which contains a command line.

I'll think about it, maybe I'll even write this nice thing this weekend :)

ndujoe1

Joined: 04 Dec 2005
Posts: 698

Posted: Thu 26 Jan 2012, 22:39    Post subject: Google Chrome with Lucid 5.25

I downloaded Google Chrome and operate it with your pet. Sometimes it functions and then sometimes I get this message:

Your profile could not be opened properly.
Some features may be unavailable. Please check that the profile exists and you have permission to read and write.

In an attempt to rectify this I click Google preferences, and personal and sign in and accept its access.

Sometimes this works, sometimes I can't reach the Preferences page nor the tools page.

I am about ready to give up. The reason I prefer the original Google Chrome is because it allows me to read the Amazon books that I have in the cloud at
read.amazon.com

Any suggestions or what I may be doing wrong? Thanks.

Iguleder

Posted: Fri 27 Jan 2012, 17:23

It's kinda weird that it works only sometimes. Are you sure you're running only one copy? Maybe it locks the configuration or some cache files.

ndujoe1

Posted: Fri 27 Jan 2012, 23:14    Post subject: google chrome quirk

Yep, I am only using one copy. Is there a debug section in Google Chrome that I could email to you to help diagnose the behaviour or paste it here if it's not too long?

soundNICK

Joined: 13 Oct 2010
Posts: 126

Posted: Tue 21 Feb 2012, 13:53    Post subject: Re: Google Chrome as Root - The Revenge

I've since seen somebody's chrome for linux...

so... this post is inaccurate

Last edited by soundNICK on Mon 29 Apr 2013, 04:48; edited 1 time in total

soundNICK

Posted: Wed 22 Feb 2012, 11:51    Post subject: Re: Google Chrome as Root - The Revenge

see above
Last edited by soundNICK on Mon 29 Apr 2013, 04:49; edited 4 times in total

soundNICK

Posted: Wed 28 Mar 2012, 22:44    Post subject: Re: Google Chrome as Root - The Revenge

ditto
Last edited by soundNICK on Mon 29 Apr 2013, 04:49; edited 1 time in total