Iguleder

Joined: 11 Aug 2009 Posts: 2031 Location: Israel, somewhere in the beautiful desert
|
Posted: Wed 19 Oct 2011, 11:54 Post subject:
Google Chrome as Root - The Revenge Subject description: A launcher that tricks Google Chrome |
|
Here's something I just wrote.
It's a simple launcher for Google Chrome that tricks it into thinking you're not root, so it lets you run it even if you're root.
In order to use it, install the package and use "puppy-chrome" instead of "google-chrome" in order to run Chrome.
There are two reasons why I wrote it:
1) Freedom! It's MY computer and I'll do whatever I want, no matter if Google doesn't want me to.
2) If we want to build PET packages out of Google's official binary package (which has the updater), we can do this without having to patch the Chrome binary or edit any files (using conventional tools like sed).
How it Works
It's simple, very simple. I executed Google Chrome with strace (a tool which lists calls to system calls) to find out which system calls it uses to find out who's the user who executed it.
I assumed the name of the function it uses starts with "get":
Code: | strace -q -c google-chrome 2>&1 | grep get |
Here's the output, which doesn't mean much:
Quote: | -nan 0.000000 0 1 getpid
-nan 0.000000 0 1 getppid
-nan 0.000000 0 1 getpgrp
-nan 0.000000 0 38 gettimeofday
-nan 0.000000 0 2 getdents
-nan 0.000000 0 1 sched_getparam
-nan 0.000000 0 1 sched_getscheduler
-nan 0.000000 0 2 sched_get_priority_max
-nan 0.000000 0 1 sched_get_priority_min
-nan 0.000000 0 4 getrlimit
-nan 0.000000 0 7 getuid32
-nan 0.000000 0 5 getgid32
-nan 0.000000 0 6 geteuid32
-nan 0.000000 0 5 getegid32
-nan 0.000000 0 1 getresuid32
-nan 0.000000 0 1 getresgid32
-nan 0.000000 0 14 getdents64
-nan 0.000000 0 1 gettid
-nan 0.000000 0 1 clock_gettime
-nan 0.000000 0 1 clock_getres
-nan 0.000000 0 1 getpeername
-nan 0.000000 0 1 shmget |
I decided to dive into the source code and found something interesting: this, the wonderful moment when the code that checks whether you're root was added to Chromium.
These two lines tell us everything we need to know:
Code: | void BrowserMainPartsGtk::DetectRunningAsRoot() {
if (geteuid() == 0) {
|
They say Google Chrome runs a function called DetectRunningAsRoot in order to detect whether it's running as root and that function uses geteuid for that.
I wrote a simple library that implements a fake geteuid that never returns 0 (which is root's user ID, always). That's how Chrome detects whether it's root, of course.
Here's the library code:
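Code: | /* for uid_t and the prototype of the geteuid() we are overriding */
#include <sys/types.h>
#include <unistd.h>
/* a fake UID; root's UID is always 0 and that's how Chrome finds out who we
 * are */
#define FAKE_UID (1)
/* a fake geteuid() function that returns the fake UID instead of root's one */
uid_t geteuid(void) {
    return FAKE_UID;
} |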
To build it, use this:
Code: | gcc -shared -fPIC -o libpuppygc.so libpuppygc.c |
This library needs to get loaded into Google Chrome, so it overrides the legitimate geteuid and therefore tricks Google Chrome. That's where LD_PRELOAD aids us.
The LD_PRELOAD environment variable contains a list of libraries that are loaded into any process executed; in this case, we force Google Chrome to run with our evil library loaded into it, which overrides the C library's geteuid().
And if you wondered, that's what puppy-chrome does, of course:
Code: | LD_PRELOAD="/usr/lib/libpuppygc.so" google-chrome |
A very simple approach can be used against any application that hates root - I was able to get rid of the warning message in the vanilla ROX-Filer this way, too. I just had to override getgid instead of geteuid.
Attachment: puppy-gc-001.pet (filesize 1.59 KB, downloaded 2668 times)
_________________ My homepage
My GitHub profile
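
An added example, not part of the original post or of the puppy-gc package: two checks a defender can run against this kind of geteuid() interposition, comparing the libc wrapper with a raw system call and looking for LD_PRELOAD in a /proc/<pid>/environ block. The function names kernel_euid, geteuid_is_spoofed and find_ld_preload are chosen here for illustration.

```c
/* Added example: defender-side checks for geteuid() interposition. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* syscall(), strnlen() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Ask the kernel directly instead of the preloadable geteuid() wrapper.
 * syscall() is itself a libc symbol, so this only catches shims that
 * replace geteuid() alone, like the one in this thread. */
static uid_t kernel_euid(void) {
#ifdef SYS_geteuid32
    return (uid_t)syscall(SYS_geteuid32); /* 32-bit x86/ARM */
#else
    return (uid_t)syscall(SYS_geteuid);
#endif
}

/* Returns 1 when the geteuid() we resolve disagrees with the kernel. */
static int geteuid_is_spoofed(void) { return geteuid() != kernel_euid(); }

/* Scan a NUL-separated block (the /proc/<pid>/environ format) and return
 * the LD_PRELOAD value, or NULL when it is unset or empty. */
static const char *find_ld_preload(const char *env, size_t len) {
    static const char key[] = "LD_PRELOAD=";
    size_t klen = sizeof(key) - 1, i = 0;
    while (i < len) {
        size_t n = strnlen(env + i, len - i);
        if (n > klen && memcmp(env + i, key, klen) == 0)
            return env + i + klen;
        i += n + 1;
    }
    return NULL;
}

int main(void) {
    char buf[65536];
    FILE *f = fopen("/proc/self/environ", "rb");
    size_t len = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    if (f) fclose(f);
    buf[len] = '\0';
    const char *p = find_ld_preload(buf, len);
    printf("LD_PRELOAD: %s\n", p ? p : "(not set)");
    printf("geteuid() spoofed: %s\n", geteuid_is_spoofed() ? "yes" : "no");
    return 0;
}
```

Libraries listed in /etc/ld.so.preload never appear in the environment, so the environ scan covers only the launcher approach used in this thread.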
tronkel

Joined: 30 Sep 2005 Posts: 1122 Location: Vienna Austria
|
Posted: Wed 19 Oct 2011, 12:08 Post subject:
|
|
@iguleder
Good detective work! I'm going to try it right now.
Thanks
Tronkel
_________________ Life is too short to spend it in front of a computer
Iguleder

Joined: 11 Aug 2009 Posts: 2031 Location: Israel, somewhere in the beautiful desert
|
Posted: Wed 19 Oct 2011, 12:15 Post subject:
|
|
Forgot to mention, I used it against the 32-bit DEB from here.
_________________ My homepage
My GitHub profile
tronkel

Joined: 30 Sep 2005 Posts: 1122 Location: Vienna Austria
|
Posted: Wed 19 Oct 2011, 13:53 Post subject:
|
|
@iguleder
Yes, works fine. Just tested it in Puppy 529 3-Headed-Dog
Google-Chrome will not start in the latest Wary 5.2 because of the different version of libc. Maybe Barry would take a look at this.
Could you please modify the pet for puppy-chrome to include a *desktop file sometime?
Thanks
Tronkel
_________________ Life is too short to spend it in front of a computer
Iguleder

Joined: 11 Aug 2009 Posts: 2031 Location: Israel, somewhere in the beautiful desert
|
Posted: Wed 19 Oct 2011, 14:31 Post subject:
|
|
I think I could extend this a bit and make it a bit smarter, by writing an executable which writes a copy of this library to /tmp, executes a given command line and deletes it.
I think we could use it for stubborn applications that don't like being executed as root.
This could be sort of a de-sudo
_________________ My homepage
My GitHub profile
tronkel

Joined: 30 Sep 2005 Posts: 1122 Location: Vienna Austria
|
Posted: Wed 19 Oct 2011, 14:48 Post subject:
|
|
@iguleder
Who would have imagined that Puppy Linux would ever have needed something like a reverse sudo command. However, it only takes one major player with a popular app such as Google Chrome to warrant such a thing.
Your idea of an executable to call an executable using this library is interesting, even though not many Linux executables work like this - well, not yet anyway. A good thing to have available in Puppy - just in case it's ever needed.
So, presumably this executable would be supplied with a command-line argument i.e. the name of the program to be run. This argument would then get passed to your program, let it do its stuff in /tmp and then disappear. Good.
Best regards
Tronkel
_________________ Life is too short to spend it in front of a computer
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15557 Location: Paradox Realm
|
Posted: Wed 19 Oct 2011, 19:45 Post subject:
|
|
Ideas are the root of creation.
Ernest Dimnet
_________________ Puppy on Raspberry Pi Release Candidate
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html 
666philb

Joined: 07 Feb 2010 Posts: 3511 Location: wales
|
Posted: Wed 19 Oct 2011, 20:27 Post subject:
|
|
just tested it with the VLC portable from http://sourceforge.net/projects/portable/files/ something that wouldn't usually work if you are root, and it worked a treat!..... nice one Iguleder!!!!
Not sure how to implement this, but you could have something like the 'set icon' dialogue, where you start your 'antirootcheck' program, then drag and drop the offending and demanding binary onto it. And it creates a .desktop file and script for /usr/bin/ to start the obnoxious program!
happy time
_________________ Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331
Iguleder

Joined: 11 Aug 2009 Posts: 2031 Location: Israel, somewhere in the beautiful desert
|
Posted: Thu 20 Oct 2011, 03:12 Post subject:
|
|
Wow, great idea!
I remember I made a Skype PET that automatically adds a desktop icon - maybe we could take that code from there and make that icon run this thing with a parameter which contains a command line.
I'll think about it, maybe I'll even write this nice thing this weekend
_________________ My homepage
My GitHub profile
ndujoe1
Joined: 04 Dec 2005 Posts: 811
|
Posted: Thu 26 Jan 2012, 22:39 Post subject:
Google Chrome with Lucid 5.25 |
|
I downloaded Google Chrome and operate it with your pet. Sometimes it functions and then sometimes I get this message:
Your profile could not be opened properly.
Some features may be unavailable. Please check that the profile exists and you have permission to read and write.
In an attempt to rectify this I click Google preferences, and personal and sign it and accept its access.
Sometimes this works, sometimes I can't reach the Preferences page nor the tools page.
I am about ready to give up. The reason I prefer the original Google Chrome is because it allows me to read the Amazon books that I have in the cloud at
read.amazon.com
Any suggestions or what I may be doing wrong? Thanks.
Iguleder

Joined: 11 Aug 2009 Posts: 2031 Location: Israel, somewhere in the beautiful desert
|
Posted: Fri 27 Jan 2012, 17:23 Post subject:
|
|
It's kinda weird that it works only sometimes. Are you sure you're running only one copy? Maybe it locks the configuration or some cache files.
_________________ My homepage
My GitHub profile
ndujoe1
Joined: 04 Dec 2005 Posts: 811
|
Posted: Fri 27 Jan 2012, 23:14 Post subject:
google chrome quirk |
|
Yep, I am only using one copy. Is there a debug section in Google Chrome that I could email to you to help diagnose the behaviour or paste it here if it's not too long?
soundNICK
Joined: 13 Oct 2010 Posts: 128
|
Posted: Tue 21 Feb 2012, 13:53 Post subject:
Re: Google Chrome as Root - The Revenge Subject description: A launcher that tricks Google Chrome |
|
I've since seen somebody's chrome for linux...
so... this post is inaccurate
Last edited by soundNICK on Mon 29 Apr 2013, 04:48; edited 1 time in total
soundNICK
Joined: 13 Oct 2010 Posts: 128
|
Posted: Wed 22 Feb 2012, 11:51 Post subject:
Re: Google Chrome as Root - The Revenge Subject description: A launcher that tricks Google Chrome |
|
see above
Last edited by soundNICK on Mon 29 Apr 2013, 04:49; edited 4 times in total
soundNICK
Joined: 13 Oct 2010 Posts: 128
|
Posted: Wed 28 Mar 2012, 22:44 Post subject:
Re: Google Chrome as Root - The Revenge Subject description: A launcher that tricks Google Chrome |
|
ditto
Last edited by soundNICK on Mon 29 Apr 2013, 04:49; edited 1 time in total