View previous topic :: View next topic |
Author |
Message |
hrnick Guru

Joined: 31 Aug 2002 Posts: 429 Location: Sweden
|
Posted: Sat Apr 28, 2018 5:43 pm Post subject: Chromium doesn't work after chmod [solved] |
|
|
Hi!
I've lately gone through the Gentoo Security Handbook in order to make my system less vulnerable. I followed the steps in the file permissions section and specifically the world or group writable section.
After changing the permissions (chmod o-w as specified in the guide) chromium and libreoffice couldn't start but I fixed libreoffice by restoring o+w to /var/tmp and I suspect there's something similar going on with chromium. This is the output I get when trying to start chromium:
Code: | [15311:15320:0428/193500.823233:FATAL:memory.cc(22)] Out of memory. size=131072
#0 0x55768dce6ddc <unknown>
#1 0x55768dcfe91e <unknown>
#2 0x55768dd22b6e <unknown>
#3 0x55768dd09c22 <unknown>
#4 0x55768dd09dd0 <unknown>
#5 0x55768c98a0e9 <unknown>
#6 0x55768c988431 <unknown>
#7 0x55768c988285 <unknown>
#8 0x55768c977943 <unknown>
#9 0x55768dce75ad <unknown>
#10 0x55768dd046e1 <unknown>
#11 0x55768dd04c78 <unknown>
#12 0x55768dd06779 <unknown>
#13 0x55768dd29405 <unknown>
#14 0x55768c810ab8 <unknown>
#15 0x55768c810c31 <unknown>
#16 0x55768dd50b92 <unknown>
#17 0x55768dd4eecd <unknown>
#18 0x7f250613a92a start_thread
#19 0x7f24fb66c65f clone
Received signal 6
#0 0x55768dce6ddc <unknown>
#1 0x55768dce6941 <unknown>
#2 0x7f2506147180 <unknown>
#3 0x7f24fb59ffb0 gsignal
#4 0x7f24fb5a1b07 abort
#5 0x55768dce5135 <unknown>
#6 0x55768dcfec0c <unknown>
#7 0x55768dd22b6e <unknown>
#8 0x55768dd09c22 <unknown>
#9 0x55768dd09dd0 <unknown>
#10 0x55768c98a0e9 <unknown>
#11 0x55768c988431 <unknown>
#12 0x55768c988285 <unknown>
#13 0x55768c977943 <unknown>
#14 0x55768dce75ad <unknown>
#15 0x55768dd046e1 <unknown>
#16 0x55768dd04c78 <unknown>
#17 0x55768dd06779 <unknown>
#18 0x55768dd29405 <unknown>
#19 0x55768c810ab8 <unknown>
#20 0x55768c810c31 <unknown>
#21 0x55768dd50b92 <unknown>
#22 0x55768dd4eecd <unknown>
#23 0x7f250613a92a start_thread
#24 0x7f24fb66c65f clone
r8: 0000000000000000 r9: 00007f24e3ffd580 r10: 0000000000000008 r11: 0000000000000246
r12: 00007f24fbf45cc0 r13: 00007f24e3ffdc98 r14: 000000000000004f r15: 00007f24e3ffdc90
di: 0000000000000002 si: 00007f24e3ffd580 bp: 00007f24e3ffd7d0 bx: 0000000000000006
dx: 0000000000000000 ax: 0000000000000000 cx: 00007f24fb59ffb0 sp: 00007f24e3ffd580
ip: 00007f24fb59ffb0 efl: 0000000000000246 cgf: 002b000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated. |
Unfortunately I'm not sure exactly what files/directories I changed the permission for (lesson learned). Does anyone have an idea on what permissions I need to restore where in order for chromium to run again?
Thanks in advance!
Last edited by hrnick on Tue May 01, 2018 4:29 pm; edited 1 time in total |
|
Back to top |
|
 |
Hu Administrator

Joined: 06 Mar 2007 Posts: 23098
|
Posted: Sat Apr 28, 2018 8:32 pm Post subject: |
|
|
I don't have a direct answer for you, but I do have a way you can try to solve this. Use strace (from dev-util/strace) to monitor all system calls made by the program(s). It will show you system call inputs and outputs, so you can see which paths the program tries to access, which of those succeed, and which fail. Look for paths that fail with "Permission denied" for requests that require write access. Cross-check that against paths that you likely would have changed the permissions on. If you're not sure, post here all the denied paths. Some denials may be legitimate if the program goes exploring to test the limits of its reach, so do not blindly grant access solely on the basis that it is currently denied. |
|
Back to top |
|
 |
hrnick Guru

Joined: 31 Aug 2002 Posts: 429 Location: Sweden
|
Posted: Sun Apr 29, 2018 1:45 pm Post subject: |
|
|
Thanks for your reply!
Here's the output from:
# strace chromium 2> trace.txt
And for comparison here's:
# sudo strace chromium --no-sandbox 2> trace2.txt (which works as expected so it's likely a permission related problem)
I tried setting o+w for files in /sys/fs since those files are opened right before the permission denied message but it didn't make a difference. Any suggestions on what to try next?
Thanks again! |
|
Back to top |
|
 |
Ant P. Watchman

Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sun Apr 29, 2018 7:08 pm Post subject: |
|
|
Nothing in /sys should ever be chmod o+w. You have a really screwed up and potentially vulnerable system, first reboot to get the virtual filesystems back into a sane state, then we can go from there. |
|
Back to top |
|
 |
hrnick Guru

Joined: 31 Aug 2002 Posts: 429 Location: Sweden
|
Posted: Tue May 01, 2018 4:29 pm Post subject: |
|
|
Well that struck me as odd as well and I made sure to chmod o-w it right away after trying. I just wanted to see if it made a difference.
It turns out that chromium started just fine after rebooting the system. I was a little reluctant to do so right away in case anything else was broken after my chmod adventures. Anyway, this seems solved now.
Thanks for your help! |
|
Back to top |
|
 |
|