Google Chrome as Root - The Revenge

Under development: PCMCIA, wireless, etc.
Message
Author
User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#31 Post by Mike Walsh »

Hi, slavvo.

It's not hard. I've just done it with 64-bit Iron 56.0.2959.0, released just the other day. I had a look at peebee's Chromium build, after Micko had tipped us off to this workaround of Iggy's, and 'borrowed' his 64-bit version of 'libpuppygc.so'. He wasn't bothered, in fact he said he expected me to! :lol:

Libpuppygc.so goes in the Iron directory. Then you add 'LD_PRELOAD="/opt/iron/libpuppygc.so" to the start of the exec line in the wrapper script. (It's /opt in this case, because that's where I put the Iron directory in my builds.)

(Just replace /opt with the location for your Iron directory. It should still work. You don't need the full contents of Iggy's .pet; just the 'libpuppygc.so' module. The 'LD_PRELOAD' bit goes at the start of the wrapper's exec line.)

Like this:-

Code: Select all

LD_PRELOAD="/opt/iron/libpuppygc.so" exec -a "$0" /opt/iron/chrome --user-data-dir=/root/.config/iron --disable-infobars "$@"
That works for the 64-bit versions. However, try as I might, it will not work for the 32-bit version of Iron. Previous versions to 56, of course, don't need it.

As far as I can tell, SRWare have coded the 32-bit version differently, somehow.....but I'm hanged if I can figure out a way round it yet.


Mike. :wink:

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#32 Post by OscarTalks »

Hi Mike,

Thought I would take a look at 32bit Iron 56 and I found that the library was refusing to preload for some reason. Couldn't think of anything further to try but just went on tinkering for a bit and decided to try Vivaldi to make a comparison. That seemed OK. Then went back to Iron and found it was working.

The only thing I think I had changed was that I had run strip --strip-unneeded on the Iguleder library because I noticed that I had not done that when I compiled it. It is only tiny anyway and I have never known a library not work if it is not stripped, but maybe preloading is different from just loading as a dynamic runtime library. Anyway, give that a try (if yours is not stripped) and see if it makes a difference for you. Perhaps I made some other change which I have forgotten but I don't think so.
EDIT:- When I tried putting the not-stripped lib back in it still worked so I am mystified.

The warnings in terminal seem to suggest that running as root while pretending not to be root is confusing poor old DBus (which needs to know where its HOME is I think). Not a major problem but perhaps someone can think of a way round this. Also this method produces warnings that the setuid sandbox is not running as root when in fact it is. At least it is running though. With this method available, users have the option to easily choose between running this way or just disabling all sandboxing and having the terminal less verbose.
Oscar in England
Image

User avatar
666philb
Posts: 3615
Joined: Sun 07 Feb 2010, 12:27
Location: wales ... by the sea

#33 Post by 666philb »

barry k added the 'bbe' utlility to the ubuntu pups that allows you to edit the binary and remove the root warning. this might work for the 32bit iron https://linux.die.net/man/1/bbe

here's a small script.

Code: Select all

#!/bin/sh
if [ -f /usr/bin/bbe ];then
if [ -f "$@"  ];then
bbe -e 's/geteuid/getppid/' "$@" > /tmp/antiroot-temp1
mv -f /tmp/antiroot-temp1  "$@"
chmod 755 "$@"
fi
fi
just make the script executable and then drop the binary onto it.
Bionicpup64 built with bionic beaver packages http://murga-linux.com/puppy/viewtopic.php?t=114311
Xenialpup64, built with xenial xerus packages http://murga-linux.com/puppy/viewtopic.php?t=107331

User avatar
OscarTalks
Posts: 2196
Joined: Mon 06 Feb 2012, 00:58
Location: London, England

#34 Post by OscarTalks »

Hello Phil,

Thanks for this. On initial testing with Iron 56 it seems to be working better than the preloaded library method. There is no DBus warning and no setuid sandbox warning in terminal. The SUID sandbox is showing as active, I can remove the --no-sandbox and --disable-infobars switches from the wrapper script. What I did was run the bbe edit from your script on the binary and replaced the old binary with the edited one in my package. Testing was done in Wheezy, (32bit obviously) with kernel 3.5.2 but will test other Chromium derivatives and other Puppies over time.
Oscar in England
Image

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#35 Post by slavvo67 »

The more explanations, the more I get frustrated. Now I know how the new users feel. :roll:

I'll stick with what I have for now.... Can't believe how angry I was getting over this.... It's not even that important as you can always patch security and run older version for years....

Have a script to combine debs. This is not a problem the menu entries sometimes show up; sometimes not.

Posted a 64bit Open Office Pet under Puppy Derivatives Section --> RU Xerus 64.

Plan on getting you a script posted here to automate most of the packaging.

Dry Falls
Posts: 616
Joined: Tue 16 Dec 2014, 23:37
Location: Upper Columbia

#36 Post by Dry Falls »

Mike Walsh wrote:Thanks for this, iguleder. Still works perfectly.....and even better now that peebee's converted 'libpuppygc.so' to 64-bit.
So where does one find the 64-bit version?
df

User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#37 Post by Mike Walsh »

Hi, Dry Falls.

TBH, it hasn't been made 'available' as such. Peebee re-compiled it for 64-bit ; my compiling skills are abysmal, so I d/l'ed one of peebee's Chromium SFS packages and, er, 'borrowed' it. I told peebee what I'd done.....he said he half expected me to do just that..! Image

I think peebee, like Oscar, has moved on to using Phil B's 'bbe' workaround, as detailed a few posts back. It's all in aid of not only allowing 'running as root', but also retaining as much of the browser 'sandboxing' as possible. I've continued to use 'libpuppygc.so', since Iguleder originally developed it for Chrome; Chromium was the only other option at that time, I believe. SlimJet is a recent development, and it's only recently that Iron has caught up with the pack, and started to use the modern Chromium's 'guts' instead.

If you want to give it a try, you can find it at my MediaFire a/c, here:-

https://www.mediafire.com/folder/4tyhv0 ... Libpuppygc

Help yourself to the version you want. Just follow the instructions as given at the top of this page; place the lib inside the Chrome directory, then modify the wrapper script as detailed.

Let us know how you get on with it, please. It definitely works in the 64-bit builds, although I may start experimenting with the 'bbe' thingy myself.....just to see what happens, like!


Mike. :wink:

Dry Falls
Posts: 616
Joined: Tue 16 Dec 2014, 23:37
Location: Upper Columbia

#38 Post by Dry Falls »

Thanks Mike. This is the first time I've been able to download anything from mediafire. Not sure what might have been the problem before. I played some with the bbe script and successfully got rid of the offensive message ("running as root is known in the state of California to promote birth defects" or something of the sort). Doesn't work with dolphin, however, which in it's latest incarnation, will not even open as root. In this wonderful culture of paranoia, the programs have root privileges but root doesn't! go figure.

For chrome/chromium, prefacing the exec with "run-as-spot" works just fine. The latest script from fatdog is much improved.

Anyway, thanks again,

df

Post Reply