Slashdot Mirror


User: ArsenneLupin

ArsenneLupin's activity in the archive.

Stories: 0
Comments: 4,557

Comments · 4,557

  1. Re:If advertised as a laptop in the UK on Get Real, Microsoft: If the New Surface Pro Is a Laptop, Bundle It With a Type Cover (pcworld.com) · · Score: 1

    You can put it on your lap, can't you?

    ... but it runs so hot that it will burn your willy if you do so. So, you can still sue!

  2. Re:News for Nerds, Stuff that Matters on The Woman Who Saved Manhattan From a Freeway Running Through It (bbc.com) · · Score: 2

    Because she wasn't persecuted as a pedophile?

  3. If you use Google Docs that often, you'd already have granted it all needed permissions. So it should raise some eyebrows if "Google Docs" asks for "those" permissions again

  4. Biotech News Blues on CRISPR Eliminates HIV In Live Animals (genengnews.com) · · Score: 1

    Yeah, but how do we eliminate the "Biotech News Blues"?

  5. Re:Could have been *much* worse. on Aurora Enthusiasts Discover A Strange New Light In The Sky And Named It Steve (bbc.com) · · Score: 1

    Ok, I know I'm stretching for an "orifice" joke there, but in my defence, it's Monday.

    While we're on the subject of strange meteorological phenomena: that's a huge orifice in the sky up there...

  6. Re: Trafficking in circumvention measures is ille on Should The FBI Have Arrested 'The Hacker Who Hacked No One'? (thedailybeast.com) · · Score: 1

    Um, no actually, I actively cheer them on for catching murderers because I strongly believe murderers shouldn't be allowed free in society. I don't know what weird ideology you have that believes otherwise.

    Actually, Niemöller's poem never talked about murderers, but merely about Socialists, Trade Unionists and Jews. Well, some variants listed communists, incurable patients, Jehovah's Witnesses, civilians of occupied countries, but none listed murderers.

  7. Re:Why not use the NASA article instead? on Supermassive Black Hole Rocketing Out of Distant Galaxy At 5 Million MPH (blastr.com) · · Score: 1

    Because it's broken?

  8. Re:Plans for Planes on Plans For London-Paris Electric Flight in 'Next Decade' Unveiled (telegraph.co.uk) · · Score: 1

    Especially because cars still have problems to cross at least 20 miles of sea, and a bridge does not exist.

    So these guys ought to try to sell us a bridge instead...
    ... methinks, actually they do :-)

  9. Re:In other words... on That Laptop-Bricking USB Stick Just Got Even More Dangerous (zdnet.com) · · Score: 1

    Just make sure that hub isn't plugged into a Windows computer, since the stick could have a malicious data payload.

    FTFY

    Nope

  10. Re:Thought crime on How The FBI Used Geek Squad To Increase Secret Public Surveillance (ocweekly.com) · · Score: 1

    Let's say you change the laws and make possessing it a non-criminal offense. The first thing that will happen is that people will monetize it (selling/subscriptions/advertising/etc) and when there is a demand for additional/higher quality content, it will be purchased from the abusers.

    They could start by only criminalizing commerce in such pictures. This would remove the incentive to plant it, or to simply mislabel innocent pictures as something nasty (who's gonna contradict law enforcement, when mere viewing of such pictures is a crime?)

  11. Re: Thought crime on How The FBI Used Geek Squad To Increase Secret Public Surveillance (ocweekly.com) · · Score: 1

    We do not know whether quenda is hiding anything or not, but one thing is sure: you've got something to hide: your name, you anonymous coward!

  12. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 1

    And we were talking about Chrome, not Chromium, or do I miss anything?

    In my case it's Chromium (hence nicely packaged as a .deb), but the original poster observed the same thing about Chrome. That it also happens with Chromium on some distributions is worrisome: Chromium is supposed to be repackaged, so that the distributor can remove such shenanigans. Ubuntu managed to do that (in 16.10). Debian, unfortunately, didn't.

    Sorry, if that application needs s-bit as root to run: delete it.

    Which is what I ended up doing...

    And I would have done it much earlier had I known (suspected) this. And in order to give other people, who might still be as unsuspecting as I am, a heads up, I'm talking about it.

  13. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 1

    I guess that is more a problem of the installation process than any 'necessity' ... if you know that, why don't you remove the s bit?

    Have you stopped beating your wife? :-)

    Well, as stated in my other message, if I remove the s bit Chromium will refuse to start.

    And how can it be that the user and group is root anyway?

    Most software belongs to root... (have you actually ever looked at any software on your own system, or are you just trolling?)

    I guess you installed Chrome as root

    In this case, I trusted my distribution, and installed the .deb from repository.

    so the mistake is just yours.

    If I had installed it manually in my own directory, chances are, it would refuse to run (... as it would not be setuid root)

  14. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 1

    $ ls -ld /bin/ping
    -rwsr-xr-x 1 root root 60288 Jun 15 2016 /bin/ping

    Not on my Debian:

    > ls -ld /bin/ping
    -rwxr-xr-x 1 root root 44104 Nov 8 2014 /bin/ping

    You're talking about using software that has access to your keystrokes, mouse movements and clicks,

    Only its own (although I wouldn't trust most distros' X setups to appropriately protect applications from each other in that regard, but that's another peeve...).

    the plaintext of your TLS sessions.

    Again, only their own. As long as I use Firefox for the serious stuff, and chromium only for browsing Javascript infested trashcan sites my TLS sessions (from Firefox) would still be safe. But with this bug... not so sure.

    It also controls the layout and placement of the content that it's presented. The majority of PC-using Americans do pretty much everything in their web browsers.

    This is not about the computers of the Trump voters (these would use IE 11 on Windows anyways...), but about the computers of more tech-savvy users who just wouldn't expect something like this.

    If Google were malicious, they'd be able to get all the data they'd ever want without ever touching root privs.

    Not malicious, just callous. Recklessly allowing third parties (shady sites packed full of Javascripts) to leverage that hole to get admin on victim's computer.

  15. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 1

    On my machine (Fedora 25):
    > ls -ld /usr/lib/chromium/chrome-sandbox
    ls: cannot access '/usr/lib/chromium/chrome-sandbox': No such file or directory

    Careful there, the offending binary might just be called something else (chrome instead of chromium, in /usr/local/lib instead of /usr/lib), etc.

    Just try locate sandbox, or rpm -q -l chromium | xargs ls -ld | egrep '^-..s' to be sure...

  16. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 1

    Ubuntu has a lot to answer for IMO.

    Actually, this is a Debian system where I saw this... And one Anonymous Coward claims that on his Ubuntu 16.10 system, Chromium doesn't have the bug. So let's be careful who deserves the blame here... my hunch is that it's Google itself, rather than the distro.

  17. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 4, Informative

    Nothing in Chrome requires a root user.

    Unfortunately, it does, I didn't believe it myself at first...:
    # ls -l /usr/lib/chromium/chrome-sandbox
    -rwsr-xr-x 1 root root 14664 Jan 30 18:39 /usr/lib/chromium/chrome-sandbox

    Removing that s bit causes chromium to refuse to run:
    > chromium
    [28193:28193:0225/213608.315538:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chromium/chrome-sandbox is owned by root and has mode 4755.
    #0 0x564a04ba083e <unknown>
    #1 0x564a04bb4f7b <unknown>
    #2 0x564a05a0f4cf <unknown>
    #3 0x564a043f3def <unknown>
    #4 0x564a043f325e <unknown>
    #5 0x564a043f384e <unknown>
    #6 0x564a0408872c <unknown>
    #7 0x564a0409036d <unknown>
    #8 0x564a04087dcc <unknown>
    #9 0x564a0480764b <unknown>
    #10 0x564a04805fa0 <unknown>
    #11 0x564a033de1bc ChromeMain
    #12 0x7ff5074f5b45 __libc_start_main
    #13 0x564a033de069

    zsh: abort chromium

  18. Re:I wouldn't touch Google Chrome on Linux on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 3, Insightful

    Chrome runs under the user id it was started from.

    ... and then proceeds by invoking a set-uid binary (that it conveniently set up at installation time) to become root:

    # ls -ld /usr/lib/chromium/chrome-sandbox
    -rwsr-xr-x 1 root root 14664 Jan 30 18:39 /usr/lib/chromium/chrome-sandbox

  19. Oops, indeed :-( on Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) · · Score: 2
  20. Re:Why stop at $50? on Studios Push for $50 Early Home Movie Rentals (variety.com) · · Score: 1

    Here's a movie script idea for you Hollywood: Make a sequel to Superman where Lex Luthor actually does sink California in the ocean. That I'd like to see.

    Be careful what you wish for. They might do so, and it might be a documentary. Indeed, orange rhymes with climate change denial...

  21. As a bonus, the company will get to record and sell everything you "do" in the car,

    ... so you'll be shipped back to London, even if you park your car well out of sight

  22. Re:That's why I pay to recycle monitors on Some Recyclers Give Up On Recycling Old Monitors And TVs (vice.com) · · Score: 1
  23. If he takes a ride in a diplomatic car, local cops can't touch him.

    However, they can touch him before he is even able to reach that diplomatic car. Indeed, the Ecuadorian embassy is in a multi-tenant building, and the staircase leading from the embassy to the parking garage is not extraterritorial. And British cops do indeed hang around in that staircase, exactly to prevent this from happening.

    There would still be the possibility of valise diplomatique but that one is only protected as long as there are no obvious signs that it contains something else than documents (and a huge trunk giving off infrared radiation due to body heat obviously does not contain only documents...)

    Leaked documents reveal Ecuadorian Embassy's 'disguise' escape plan

  24. Re:Not sure what to think.... on President Obama Commutes Chelsea Manning's Sentence (theverge.com) · · Score: 1

    You don't need to be convicted or even charged with any crime or act to be pardoned. A pardon is essentially the head of the executive branch saying the executive branch will not execute laws in regards to a specific person, situation, etc.

    How would that work if you're only in charge for 2 more days for that executive branch? No, a pardon is much more, it actually reduces/negates the sentence.

    Moreover, even the head of an executive branch cannot "pardon" everybody in his jurisdiction in all circumstances. Here's a case where the governor of Florida tried just that, and was stopped by court.

  25. No problem with Wired here.

    For Forbes however, you're right. Interesting to see that they've sunk down to the level of Bildzeitung...