Puppy Linux Discussion Forum

[Mike Walsh]

@ mjmikulcik:-

I didn't rush an updated package of that 'point' release out, because I knew the new version (73) would be out any day now. Thanks for the 'heads-up', all the same. Appreciated.

The new version will be available for download later this evening. The mitigations for the referenced weakness should, of course, be in this new release.


Mike.

[Mike Walsh]

Evening, all.

The current stable version of Chrome - Google_Chrome-73.0.3683.75-amd64 - is now available for download, from the location referenced in post #1.

------------------------------------------------

Changes and updates in this release are as explained here, on the regular Chrome blog page.

60 security issues, including the recently-discovered 'critical' one (mentioned by mjmikulcik above) have been addressed since the previous release.

----------------------------------------------------

A small script, which has been placed in /usr/sbin & sym-linked into /root/Startup, now automatically runs the glib-compile-schemas compile command at boot time. Downloads/uploads, therefore, work as they should.

The 'Spot2Root' file permissions changer has also been updated. It now works with uploads as well as downloads.....as explained in an earlier post. Following an exchange of ideas & points raised via PM with mikeslr, I've added an extra line to the 'spot-to-root' module of the Permissions Changer which sits in the task-bar; when you select 'Spot-to-Root (for downloads)' in the GUI, ROX (or whatever your default file-manager happens to be) will now open on your 'Downloads' directory, ready to retrieve the newly-downloaded item.

------------------------------------------------------------------

Credits (as usual) :-

Battleshooter - for help with the self-contained NSS libs'n'stuff several releases back.
belham2 - for cobbling together the 'launch' script that is now employed.
And further back, 01Micko (the 'head honcho'), and iguleder - both of whom have indirectly helped keep this thread going for as long as it has, with references & links.

Thanks must also go to OscarTalks and peebee, for suggestions and assistance over the last couple of years.

---------------------------------

Any problems, boys & girls, you know where to find me.

Enjoy.


Mike.

[MrDuckGuy]

[Mike Walsh]

@ MrDuckGuy:-

Mm. Never really thought about it, TBH. In its current format, no (there's too many extra additions & bits'n'bobs in other directories to permit that). I could look into it, though it would be a perhaps 'stripped-down' version - some of the additional functionality (like the permissions changer for uploads/downloads, and the 'glib-schemas' compiler script) might have to be installed as separate .pets before you started using it.

When I started doing this a few years back I never envisaged running it that way. Consequently, it wasn't built with portability in mind.

I'll look into it, OK? Just don't expect to see it any time soon.....I have a lot on my plate most days (I'm a full-time carer, y'see). I'll put my considering cap on, and have a think about the best way to do this....


Mike.

[rufwoof]

Mike, as our resident Chrome expert, what are the limitations, if any, imposed by running google chrome with the --no-sandbox switch?

I'm not concerned about running as root with no sandboxing as I'm already containing chrome within a restricted environment anyway i.e. FatDog 8 with a Barry like containment (Xephyr, unshare, chroot with capsh (capabilities for sys_admin and chroot dropped)), so pretty much a heavily restricted 'root' - comparable to a low privilege/restricted userid that's isolated from the main FatDog X system. Providing you don't keep sensitive data/stuff within that container then that's impervious to even a zero day vulnerability. But I was wondering what limitations running with --no-sandbox might impose.

TIA.

[s243a]

[Mike Walsh]

Morning, ruffers.

Hoo... Y'know, to be perfectly honest, I've never really looked into the security aspects of it. Not in anywhere near the same way that I know you yourself do, quite regularly. (And I definitely dispute the 'expert' tag. I'm a bumbler, really, although I managed to assemble all the various bits that many other folks helped with over the last few years.....without making too many mistakes. I mean, it runs..... )

I digress.

Y'see, this is where the differences between the various Chromium 'clones' begins to show through. Chromium itself, as released, will run without the sandbox, although it doesn't like it.

-----------------------------------------------

SRWare's Iron, although using the 'chrome' shared library/binary thingy (it's not a binary executable in the true sense of the word, though it's where the bulk of the program lies), will also run without the sandbox.

-----------------------------------------------

FlashPeak, with recent releases of SlimJet, have coded things so that you've got to run it as a restricted user. No arguments. Try using the --no-sandbox switch, it just won't run.

-----------------------------------------------

Google, with Chrome, have done much the same. In true Google style, though, they've enhanced the standard sandbox set-up even further so that the browser uses around 5 different sandboxes, all interacting with each other. Which in part accounts for the huge size these browsers are now ballooning into. It decidedly will not run without the sandboxing enabled, and, moreover, that sandboxing is linked into the use as a restricted user. If you don't get all the conditions just right, it simply doesn't want to know.

I don't think, for your purposes, it would make any difference that you're already running it inside a container. The 'sandboxing' is fully internal to the browser process, and if you enable the switch, it wouldn't start.

Hope that throws some light on things.....though it's far from a complete answer.


Mike.

[rufwoof]

Oooerrr! Confused now!

I'm running google chrome as root inside that container with the --no-sandbox and it runs seemingly OK. Just has a bar come up initially saying that sandbox is disabled and security/functionality is compromised.

[rufwoof]

[Mike Walsh]

[rufwoof]

Whatever its going, with chrome just showing the puppy forum web page, all child processes spawned by chrome also have the --no-sandbox parameter. So yes does work.

Maybe because that container has cap_sys_admin and cap_sys_chroot capabilities dropped - chrome might perhaps be able to detect its not a full blown root. Running without the --no-sandbox however and it does complain/not run.

[rufwoof]

It would seem that running chrome with its sandbox requires root level chroot capabilities. Drop chroot capability and you have to use the --no-sandbox command line parameter. In a chroot container however you don't want chroot capabilities, otherwise you (or potential cracker) can just chroot out of the container.

So the choices would seem to be to either run as spot inside a container with chroot capabilities, but perhaps where spot doesn't have chroot potential, or run as root with no chroot capabilities at all.

Weighing things up, fundamentally do you put total faith in chrome's containment, and hope that spot can't elevate to root, or run chrome as root inside the Xephyr/unshare/chroot/capsh environment, with no-sandbox. Of the two the latter seems the better choice IMO, more so given recent chrome zero day bugs that potentially opened up the system. Also I have little faith in spot not being able to potentially elevate to root - potentially relatively easily, which further adds to the appeal of not permitting chroot capabilities.

In short I think Xephyr/unshare/chroot/capsh with chrome running as root with --no-sandbox is the better choice compared to trying to run chrome as spot within a container.

cd /pub
more beer

[s243a]

[Mike Walsh]

Evening, all.

The current stable version of Chrome - Google_Chrome-74.0.3729.108-amd64 - is now available for download, from the location referenced in post #1.

------------------------------------------------

Changes and updates in this release are as explained here, on the regular Chrome blog page.

39 security issues have been addressed since the previous release.

----------------------------------------------------

A small script, which has been placed in /usr/sbin & sym-linked into /root/Startup, now automatically runs the glib-compile-schemas compile command at boot time. Downloads/uploads, therefore, work as they should.

The 'Spot2Root' file permissions changer has also been updated. It now works with uploads as well as downloads.....as explained in an earlier post. Following an exchange of ideas & points raised via PM with mikeslr, I've added an extra line to the 'spot-to-root' module of the Permissions Changer which sits in the task-bar; when you select 'Spot-to-Root (for downloads)' in the GUI, ROX (or whatever your default file-manager happens to be) will now open on your 'Downloads' directory, ready to retrieve the newly-downloaded item.

It's also been re-written to remove the need for the intermediate 'Spot2Root' directory in /usr/share. Following some research using the Linux man pages, I've finally discovered how to move stuff from one directory to another and change permissions in the process, all in the one single line of code....

I'm steadily learning.

------------------------------------------------------------------

Credits (as usual) :-

Battleshooter - for help with the self-contained NSS libs'n'stuff several releases back.
belham2 - for cobbling together the 'launch' script that is now employed.
And further back, 01Micko (the 'head honcho'), and iguleder - both of whom have indirectly helped keep this thread going for as long as it has, with references & links.

Thanks must also go to OscarTalks and peebee, for suggestions and assistance over the last couple of years.

---------------------------------

Any issues, I'm usually kicking around somewhere on the Forums. You know how to get in touch.

Have fun!


Mike.

[albertox]

@Mike Walsh

Thank you so much Mike for keeping Chrome up to date, it's my favorite browser too. We are very lucky to have great people like you and the others in the forum who devote their free time to provide us with various software.

I don't know if this has been answered already, but I couldn't find it in search. I'm running TahrPup64 and SFS version. Chrome crashes if I try to change the downloads location. It also crashes if I set Downloads to "ask where to save", when trying to download before the choose location menu comes up.

I'm not sure if I'm doing something wrong, as I'm a newcomer to GNU/Linux, and still struggling with the technical stuff.
.