Running Chromium 11.0.696.3 as root

andriy155 · n00b Joined: 05 Feb 2006 Posts: 62 Location: Kyiv, Ukraine

Hi everyone,

New version of Chromium does not allow to run itself as root. Does anyone know specific setting in the config file responsible for this? I need to run Chromium as root. If I cannot figure this out, will probably need to migrate back to firefox.

Jaglover

Ant P. · Veteran Joined: 18 Apr 2009 Posts: 1295 Location: UK

If you want to shoot yourself in the head then fine, but we're not going to tell you how to switch the safety off.
_________________
sig temporarily out of order

cach0rr0

Jaglover

phajdan.jr · Developer Joined: 23 Mar 2006 Posts: 1672 Location: Poland

floppymaster · Posted: Sat Mar 19, 2011 5:16 pm Post subject:

According to this codereview, they added back the ability to run as root if you specify --user-data-dir on the command line.
http://codereview.chromium.org/6621045

I tested this on a recent trunk build 12.0.708.0 (78813), and the code seems to do exactly the opposite: if --user-data-dir is specified, it pops up a message stating that you need to specify --user-data-dir. Without --user-data-dir, the browser launches just fine.

zeronullity · n00b Joined: 16 Oct 2010 Posts: 29

I'm also agitated by this.. It's one thing to show a warning and offer a bypass. It's another to prevent a user from running as root without editing the source code. Security should ultimately be up to the end user to configure. Since I've updated my system 10mins ago.. I've been looking for a workaround. :oops:

cach0rr0 · Posted: Fri Mar 25, 2011 5:00 am Post subject:

zeronullity · n00b Joined: 16 Oct 2010 Posts: 29

I already did this, runs fine as normal user. But when I do --user-data-dir=/root/.config/chromium
after setting the correct folder permissions I get this..

[0325/000541:FATAL:chrome_main.cc(571)] Check failed: PathService::Override(chrome::DIR_USER_DATA, user_data_dir).
Aborted

I'd like at least to keep my data in my root directory for backup purposes. Still highly upset. :evil:

I'd rather not have to port over my bookmarks & user data.

Any one who limits options in a Unix environment rather then expanding options, gets a thumb down to put it nicely from me. I don't have time to waste editing source code or finding a work around.

wswartzendruber · Posted: Fri Mar 25, 2011 5:47 am Post subject:

I wonder why on earth he wanted to do this.

zeronullity · n00b Joined: 16 Oct 2010 Posts: 29

wswartzendruber · Posted: Fri Mar 25, 2011 6:09 am Post subject:

Sorry, I was asking about the OP.

Jaglover · Posted: Fri Mar 25, 2011 10:19 am Post subject:

cach0rr0 · Posted: Fri Mar 25, 2011 6:37 pm Post subject:

I don't think anyone would even notice they've been compromised if they're running X and everything else as root.
any nefarious piece of software doesn't hvae to do the usual routine of trying to crash something in a certain way at a certain time at a certain point of memory blah blah blah. All they have to do is say "oh, looking here, i already have root! I can hide from the kernel, hide from any apps that might be looking for me, man, this is great!" They already have root, they don't privilege escalation, they just need to run code on your machine, you're already root - oh, wait, your browser is running as root, and it's indiscriminately running every piece of code on every webpage you visit.

errr

anyway it's early and ive not had my coffee so im a bit of a pain.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

zeronullity · n00b Joined: 16 Oct 2010 Posts: 29

Yes, at one point in time I've been over zealous with security too. Not like I don't keep hash checksums of all my
files on backup, or keep firewall logs of access separate from my linux box. I'm all too familiar with exploits. I
appreciate the concern, and I understand. I don't use this system like, most people use their personal PC. I don't do
any thing on it I wouldn't do on a public library system. And this certainly isn't my only system. As far as some one
using my system as network bot.. my firewall is fairly decent to alert me to such activity. Although the chance might be real, it's slim to none. So call me a n00b all you want, it doesn't bother me at all. :roll:

I've already resolved my issue by editing the source code.

cach0rr0 · Posted: Fri Mar 25, 2011 7:42 pm Post subject:

there are limitations to what a person can convey via typed text

the above wasn't intended to sound like "omg n00b"

But realistically, look through vuln after vuln after vuln that's been published, there's a reason there's an entire separate class of vulnerabilities/bugs called "privilege escalation vulnerabilities"
There's a reason the guys buliding these applications will often block them from being run as root.
If I have root on your system, I can hide quite literally anything I like from you. I can hide files from your backup process, I can hide things from you even though you're running as root, I have full unfettered access to change anything I like on the kernel side of things. There is a reason the security community freaks out when they hear about people running X, chrome, or any other application as root. There is a reason. you see virtually every daemon runs suid as some other user. And especially with a web browser, that is THE number one attack vector against the desktop. The risk is there, present, and real, no matter what other steps you may be taking to try and mitigate the risk.

Having said all of that? Dude, it's your system. If you're happy with it, realistically that's all that matters. At the same time, there should be a realistic expectation that, since desktop systems were specifically designed NOT to be run as root, and programmers and other folks have taken great steps to prevent it, there's going to be limited support for doing so, things are going to break, and yes, people are going to jump up and down when they hear you're doing it.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash

hamilito · n00b Joined: 18 Aug 2010 Posts: 33

This post got me thinking and I can only get one analogy: Root = God or God = Root

With that said root created the earth and every living thing on the planet and also has the power to destroy it.

lol I'm only joking.

Read the thread and got all stressed out.

I don't use root. Only strict administrative purposes and still feel paranoid sometimes monitoring network traffic.
Not that that would prevent anyone from coming in.

zeronullity · n00b Joined: 16 Oct 2010 Posts: 29

I don't think the original poster really asked for any ones input on security. And to answer
his question the only way you can run it as root is to edit the source code.

/src/chrome/browser/browser_main_gtk.cc

line 77

if (geteuid() == 0) {

Change 0 to an id thats currently not in use on your system.

For example..

if (geteuid() == 1234) {

You can make a patch & auto roll it into your portage using a env script.

ronmon · Posted: Sat Mar 26, 2011 1:05 pm Post subject:

This whole discussion is crazy. Why in the hell would anyone WANT to do this in the first place? I can't imagine any advantage in running a browser as root, only disadvantages. Good luck, pal.
_________________
Ask Questions the Smart Way - by ESR

Ant P. · Veteran Joined: 18 Apr 2009 Posts: 1295 Location: UK

cach0rr0 · Posted: Sat Mar 26, 2011 10:12 pm Post subject:

look, ultimately people are well within their rights to do this
it's their system to customize and play with as they see fit.

however they shouldn't do so without a realistic expectation that people are going to tell them NOT to do so, because well, there really isn't even an argument, this is a bad idea.
and to that same end, since the people writing various applications and other pieces of code realize it's a bad idea, there should be an expectation that support for doing this is going to be negligible

This isn't one of those topics of discussion where nobody is wrong and everyone just has an opinion. These things are designed NOT to be run as root, the bulk of the security models within Linux are crafted around the idea that people are NOT going to be running things as root. Developers will tell you this, security experts will tell you this, end of discussion. You want to use something contrary to its design, go right ahead, but you're going to be told you're doing so, and don't expect it to work.

ronmon · Posted: Sun Mar 27, 2011 1:41 pm Post subject:

keet · Guru Joined: 09 Sep 2008 Posts: 322

zeronullity · n00b Joined: 16 Oct 2010 Posts: 29

I don't think I could have said it much better myself moderator. It's just sad to see everyone flaming
but no one helping. Chromium group has the right to write the source code any way they see fit... I just
don't like things crammed down my throat. Not many other packages restrict security this way without at
least providing a optional variable to change. In fact the 100's of packages I have installed on my system
I can only of think of 2 that do this but offer a bypass. I have no disagreements with the security aspect
of NOT running as root. Just the fact there is absolutely no need to run it as root. Thats like saying I know
everything, I know all possibilities, that just seems arrogant to me... but that's my opinion.