---
EDIT 2018-02-21 05:01+00:00: corrected s/ublocko/uBlock0/ and variants of it. The commands can now be copy/pasted verbatim for getting the tcp.stream and working on it.
---
Freshly compiled Pale Moon, see:
Building Pale Moon on Devuan fails
viewtopic.php?f=57&t=15751&p=135172#p135172
root@gdOv:/usr/lib/palemoon# ls -l
total 90208
-rw-r--r-- 1 root root 452 2018-02-01 21:25 application.ini
drwxr-xr-x 7 root root 4096 2018-02-18 21:24 browser
-rw-r--r-- 1 root root 40 2018-02-01 21:25 chrome.manifest
drwxr-xr-x 2 root root 4096 2018-02-18 21:24 components
drwxr-xr-x 3 root root 4096 2017-07-07 16:00 defaults
-rw-r--r-- 1 root root 188 2018-02-01 21:25 dependentlibs.list
drwxr-xr-x 2 root root 4096 2018-02-18 21:24 dictionaries
-rw-r--r-- 1 root root 899 2018-02-01 21:25 libfreeblpriv3.chk
-rw-r--r-- 1 root root 498144 2018-02-01 21:25 libfreeblpriv3.so
-rw-r--r-- 1 root root 10965904 2018-02-01 21:25 libicudata.so.58
-rw-r--r-- 1 root root 2022040 2018-02-01 21:25 libicui18n.so.58
-rw-r--r-- 1 root root 1419976 2018-02-01 21:25 libicuuc.so.58
-rw-r--r-- 1 root root 10440 2018-02-01 21:25 libmozalloc.so
-rw-r--r-- 1 root root 7266608 2018-02-01 21:25 libmozjs.so
-rw-r--r-- 1 root root 833528 2018-02-01 21:25 libmozsqlite3.so
-rw-r--r-- 1 root root 244632 2018-02-01 21:25 libnspr4.so
-rw-r--r-- 1 root root 997016 2018-02-01 21:25 libnss3.so
-rw-r--r-- 1 root root 599776 2018-02-01 21:25 libnssckbi.so
-rw-r--r-- 1 root root 899 2018-02-01 21:25 libnssdbm3.chk
-rw-r--r-- 1 root root 117728 2018-02-01 21:25 libnssdbm3.so
-rw-r--r-- 1 root root 175464 2018-02-01 21:25 libnssutil3.so
-rw-r--r-- 1 root root 18648 2018-02-01 21:25 libplc4.so
-rw-r--r-- 1 root root 14456 2018-02-01 21:25 libplds4.so
-rw-r--r-- 1 root root 139912 2018-02-01 21:25 libsmime3.so
-rw-r--r-- 1 root root 899 2018-02-01 21:25 libsoftokn3.chk
-rw-r--r-- 1 root root 217168 2018-02-01 21:25 libsoftokn3.so
-rw-r--r-- 1 root root 262496 2018-02-01 21:25 libssl3.so
-rw-r--r-- 1 root root 58018912 2018-02-01 21:25 libxul.so
-rw-r--r-- 1 root root 7629688 2018-02-01 21:25 omni.ja
-rwxr-xr-x 1 root root 416968 2018-02-01 21:25 palemoon
-rw-r--r-- 1 root root 47 2018-02-01 21:25 platform.ini
-rwxr-xr-x 1 root root 400536 2018-02-01 21:25 plugin-container
-rw-r--r-- 1 root root 711 2018-02-01 21:25 removed-files
-rwxr-xr-x 1 root root 8915 2018-01-29 09:49 run-mozilla.sh
root@gdOv:/usr/lib/palemoon#
As usual these:
# ls -ABRgo palemoon plugin-container
-rwxr-xr-x 1 416968 2018-02-01 21:25 palemoon
-rwxr-xr-x 1 400536 2018-02-01 21:25 plugin-container
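will need to be allowed more slack by PaX. Converting the program headers alone (the first attempt below) was not enough: Pale Moon started only once MPROTECT was disabled on both binaries (see the second paxctl listing further down), which means PaX no longer stops these two programs from making memory both writable and executable: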
# paxctl -v palemoon plugin-container
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>
file palemoon does not have a PT_PAX_FLAGS program header, try conversion
file plugin-container does not have a PT_PAX_FLAGS program header, try conversion
root@gdOv:/usr/lib/palemoon# paxctl -c palemoon plugin-container
file palemoon had a PT_GNU_STACK program header, converted
file plugin-container had a PT_GNU_STACK program header, converted
# paxctl -v palemoon plugin-container
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>
- PaX flags: -------x-e-- [palemoon]
RANDEXEC is disabled
EMUTRAMP is disabled
- PaX flags: -------x-e-- [plugin-container]
RANDEXEC is disabled
EMUTRAMP is disabled
#
mr@gdOv:~$ strace -tt -s128 -o ~mr/strace.d/palemoon_$(date +%y%m%d_%H%M%S)_O palemoon
Segmentation fault
mr@gdOv:~$
Feb 20 09:38:01 gdOv kernel: [256672.320749] grsec: (mr:U:/) exec of /bin/date (date +%y%m%d_%H%M%S ) by /bin/date[bash:19681] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:01 gdOv kernel: [256672.329813] grsec: (mr:U:/usr/bin/strace) exec of /usr/bin/strace (strace -tt -s128 -o /home/mr/strace.d/palemoon_180220_+093801_O palemoon ) by /usr/bin/strace[bash:19682] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:01 gdOv kernel: [256672.336771] grsec: (mr:U:/usr/bin/strace) process /usr/bin/strace(strace:19683) attached to via ptrace by /usr/bin/strace[strace:19682] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:01 gdOv kernel: [256672.338763] grsec: (mr:U:/usr/bin/strace) process /usr/bin/strace(strace:19684) attached to via ptrace by /usr/bin/strace[strace:19682] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:01 gdOv kernel: [256672.340779] grsec: (mr:U:/usr/lib/palemoon/palemoon) exec of /usr/lib/palemoon/palemoon (palemoon ) by /usr/lib/palemoon/palemoon[strace:19684] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/strace[strace:19682] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:02 gdOv kernel: [256672.605395] grsec: (mr:U:/usr/lib/palemoon/palemoon) denied RWX mprotect of <anonymous mapping> by /usr/lib/palemoon/palemoon[palemoon:19684] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/strace[strace:19682] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:02 gdOv kernel: [256672.605732] grsec: (mr:U:/usr/lib/palemoon/palemoon) Segmentation fault occurred at (nil) in /usr/lib/palemoon/palemoon[palemoon:19684] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/strace[strace:19682] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 09:38:02 gdOv kernel: [256672.619188] grsec: (mr:U:/usr/bin/strace) denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/strace[strace:19682] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
mr@gdOv:~$ ls -ltr strace.d/palemoon_180220_093801_O
-rw-r--r-- 1 mr mr 85504 2018-02-20 09:38 strace.d/palemoon_180220_093801_O
mr@gdOv:~$ ls -ltrh strace.d/palemoon_180220_093801_O
-rw-r--r-- 1 mr mr 84K 2018-02-20 09:38 strace.d/palemoon_180220_093801_O
mr@gdOv:~$
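Maybe a few lines of it though (near the end, the mprotect() asking for PROT_READ|PROT_WRITE|PROT_EXEC gets EACCES, which matches the "denied RWX mprotect" grsec line above, and the SIGSEGV follows):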
[...]
09:38:02.006055 mmap(NULL, 2179152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x36efc045000
09:38:02.006340 mprotect(0x36efc058000, 2093056, PROT_NONE) = 0
09:38:02.006536 mmap(0x36efc257000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x12000) = 0x36efc257000
09:38:02.006767 mmap(0x36efc259000, 80, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x36efc259000
09:38:02.007001 close(4) = 0
09:38:02.007916 mprotect(0x36efc257000, 4096, PROT_READ) = 0
09:38:02.008165 mprotect(0x36efc45d000, 4096, PROT_READ) = 0
[...]
09:38:02.027198 mprotect(0x36f02bca000, 28672, PROT_READ) = 0
09:38:02.028844 mprotect(0x36f02edc000, 32768, PROT_READ) = 0
09:38:02.049012 mprotect(0x36f068ad000, 4317184, PROT_READ) = 0
09:38:02.049610 gettimeofday({tv_sec=1519119482, tv_usec=49683}, NULL) = 0
09:38:02.049899 statfs("/sys/fs/selinux", 0x3952a9eeee0) = -1 ENOENT (No such file or directory)
09:38:02.050185 statfs("/selinux", 0x3952a9eeee0) = -1 ENOENT (No such file or directory)
09:38:02.050395 openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_CLOEXEC) = 4
09:38:02.050830 fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
09:38:02.051191 read(4, "nodev\tsysfs\nnodev\trootfs\nnodev\tramfs\nnodev\tbdev\nnodev\tproc\nnodev\tcpuset\nnodev\tcgroup\nnodev\tcgroup2\nnodev\ttmpfs\nnodev\tdevtmpfs\nno"..., 1024) = 419
09:38:02.051536 read(4, "", 1024) = 0
09:38:02.051727 close(4) = 0
09:38:02.051972 access("/etc/selinux/config", F_OK) = -1 ENOENT (No such file or directory)
09:38:02.052474 futex(0x36f00f1ae28, FUTEX_WAKE_PRIVATE, 2147483647) = 0
09:38:02.052680 futex(0x36f00f1ae28, FUTEX_WAKE_PRIVATE, 2147483647) = 0
09:38:02.053262 clock_gettime(CLOCK_MONOTONIC, {tv_sec=256672, tv_nsec=597474991}) = 0
09:38:02.053467 clock_gettime(CLOCK_MONOTONIC, {tv_sec=256672, tv_nsec=597669708}) = 0
[...]
09:38:02.057254 clock_gettime(CLOCK_MONOTONIC, {tv_sec=256672, tv_nsec=601464324}) = 0
09:38:02.057464 clock_gettime(CLOCK_MONOTONIC, {tv_sec=256672, tv_nsec=601674966}) = 0
09:38:02.057744 munmap(0x36f0a86c000, 82001) = 0
09:38:02.058139 gettid() = 19684
09:38:02.058365 rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x36f0a53e180}, NULL, 8) = 0
09:38:02.058660 gettimeofday({tv_sec=1519119482, tv_usec=58727}, NULL) = 0
09:38:02.059012 futex(0x36f06d64f50, FUTEX_WAKE_PRIVATE, 2147483647) = 0
09:38:02.059504 futex(0x36f0a32605c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
09:38:02.059812 futex(0x36f0a326068, FUTEX_WAKE_PRIVATE, 2147483647) = 0
09:38:02.060133 read(3, "", 4096) = 0
09:38:02.060341 close(3) = 0
09:38:02.060692 clock_gettime(CLOCK_MONOTONIC, {tv_sec=256672, tv_nsec=604899398}) = 0
09:38:02.060942 mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x36efb82c000
09:38:02.061155 mprotect(0x36efb82d000, 8388608, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 EACCES (Permission denied)
09:38:02.061392 munmap(0x36efb82c000, 8392704) = 0
09:38:02.061640 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
09:38:02.074759 +++ killed by SIGSEGV +++
root@gdOv:/usr/lib/palemoon# paxctl -v palemoon plugin-container
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>
- PaX flags: -----m-x-e-- [palemoon]
MPROTECT is disabled
RANDEXEC is disabled
EMUTRAMP is disabled
- PaX flags: -----m-x-e-- [plugin-container]
MPROTECT is disabled
RANDEXEC is disabled
EMUTRAMP is disabled
root@gdOv:/usr/lib/palemoon#
mr@gdOv:~$ strace -tt -s128 -o ~mr/strace.d/palemoon_$(date +%y%m%d_%H%M%S)_O palemoon
mr@gdOv:~$ cp -iav strace.d/palemoon_180220_095634_O strace.d/palemoon_180220_095634_O_1
'strace.d/palemoon_180220_095634_O' -> 'strace.d/palemoon_180220_095634_O_1'
mr@gdOv:~$ ls -l strace.d/palemoon_180220_095634_O strace.d/palemoon_180220_095634_O_1
-rw-r--r-- 1 mr mr 2449385 2018-02-20 09:56 strace.d/palemoon_180220_095634_O
-rw-r--r-- 1 mr mr 2330823 2018-02-20 09:56 strace.d/palemoon_180220_095634_O_1
mr@gdOv:~$ ls -l strace.d/palemoon_180220_095634_O strace.d/palemoon_180220_095634_O_1
-rw-r--r-- 1 mr mr 3193884 2018-02-20 09:57 strace.d/palemoon_180220_095634_O
-rw-r--r-- 1 mr mr 2330823 2018-02-20 09:56 strace.d/palemoon_180220_095634_O_1
mr@gdOv:~$
But Pale Moon works fine.
I had previously removed all the addons because I want to start anew.
I've browsed without a single crash all day yesterday, after these modifications.
And I felt I would first try and install the Decentraleyes or the uBlock Origin addon, in which at first I didn't succeed because javascript.enabled in my about:config was set to false (a precaution in the wake of the Spectre revelations; AMD64 here, Meltdown no threat). Eventually, with javascript enabled back, I successfully installed uBlock0... for a very short while.
The uBlock0 addon appeared to be successfully installed for mere seconds only: within 10 sec after having reported that successful install of uBlock0, my Pale Moon crashed.
I've tried a lot since then and from that later testing it appears that the uBlock0 install change has been causing the crashes of my Pale Moon. I just couldn't get it to work anymore until, that is, I removed uBlock0.
But it might make for a clearer narrative if I try and show what happened from the logs, and from the decryptable traffic dump (all of which I hope I have intact; even from the screencast if need be), given that I try to always run my (primitive) https://github.com/miroR/uncenz program for such purposes.
I've prepared the reduced, to-the-point traffic trace, together with the SSL keys (so that the TLS streams in it can be decrypted), and the screencast, at:
Pale Moon and uBlock0 on a grsec-hardened kernel
https://www.croatiafidelis.hr/foss/cap/ ... n-uBlock0/
For quick insight, download just the:
dump_180220_0456_gdO_uBlock0.pcap
and
dump_180220_0456_gdO_uBlock0_SSLKEYLOGFILE.txt
download https://github.com/miroR/tshark-streams and run
$ tshark-streams.sh -r dump_180220_0456_gdO_uBlock0.pcap -k dump_180220_0456_gdO_uBlock0_SSLKEYLOGFILE.txt -Y "tcp.stream==3"
$ ls -l dump_180220_0456_gdO_uBlock0_s003-ssl.bin
-rw-r--r-- 1 mr mr 1773517 2018-02-20 12:43 dump_180220_0456_gdO_uBlock0_s003-ssl.bin
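What got installed in my Pale Moon is what I downloaded, and what I downloaded is in that tcp.stream. If you run the following (the dd skips the first 1256 bytes of the decrypted stream, which precede the XPI), the extracted file and the installed extension turn out to have the same size and the same SHA-256: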
$ dd if=dump_180220_0456_gdO_uBlock0_s003-ssl.bin skip=1256 bs=1 of=dump_180220_0456_gdO_uBlock0_s003-ssl_XPI.zip
$ ls -l dump_180220_0456_gdO_uBlock0_s003-ssl_XPI.zip ~mr/.moonchild\ productions/pale\ moon/xpmdemzk.default/extensions/uBlock0@raymondhill.net.xpi
-rw-r--r-- 1 mr mr 1772261 2018-02-20 12:50 dump_180220_0456_gdO_uBlock0_s003-ssl_XPI.zip
-rw------- 1 mr mr 1772261 2018-02-20 04:58 '/home/mr/.moonchild productions/pale moon/xpmdemzk.default/extensions/uBlock0@raymondhill.net.xpi'
$ sha256sum dump_180220_0456_gdO_uBlock0_s003-ssl_XPI.zip ~mr/.moonchild\ productions/pale\ moon/xpmdemzk.default/extensions/uBlock0@raymondhill.net.xpi
e142ae1052e17ae93fe44ed508907a8df743793e7c38b6117cc4b2a493c6f776 dump_180220_0456_gdO_uBlock0_s003-ssl_XPI.zip
e142ae1052e17ae93fe44ed508907a8df743793e7c38b6117cc4b2a493c6f776 /home/mr/.moonchild productions/pale moon/xpmdemzk.default/extensions/uBlock0@raymondhill.net.xpi
$
The video also serves to kind of verify the kern.log snippet that I'll post below (I always have the following running):
# tail -f /var/log/kern.log
Feb 20 04:58:05 gdOv kernel: [239876.262222] grsec: (mr:U:/usr/lib/palemoon/palemoon) denied access of /var/tmp for writing by /usr/lib/palemoon/palemoon[mozStorage #10:17061] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
[... 5 more lines of the same kind --just the timestamp increased-- ...]
Feb 20 04:58:09 gdOv kernel: [239879.722999] grsec: (mr:U:/usr/lib/palemoon/palemoon) denied access of /var/tmp for writing by /usr/lib/palemoon/palemoon[mozStorage #10:17061] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:4314] uid/euid:1000/1000 gid/egid:1000/1000
Feb 20 04:58:10 gdOv kernel: [239880.889260] 8139too 0000:04:15.0 eth1: link down
Feb 20 04:58:11 gdOv kernel: [239882.228265] PAX: execution attempt in: (null), 00000000-00000000 00000000
Feb 20 04:58:11 gdOv kernel: [239882.228282] PAX: terminating task: /usr/lib/palemoon/palemoon(palemoon):13441, uid/euid: 1000/1000, PC: 0000000000000302, SP: 0000039dfd6ed218
Feb 20 04:58:11 gdOv kernel: [239882.228293] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
Feb 20 04:58:11 gdOv kernel: [239882.228346]
Feb 20 04:58:11 gdOv kernel: [239882.228348] PAX: bytes at SP-8: 0000038890e4b865 0000038890e51478 0000039dfd6ed290 0000039dfd6eda10 0000039dfd6eda50 0000039dfd6ed660 000003883e55f7d0 0000039dfd6ed2e0 0000039dfd6ed320 0000039dfd6ed730 00000388846d0a80
Feb 20 04:58:11 gdOv kernel: [239882.228361]
Feb 20 04:58:11 gdOv kernel: [239882.228866] grsec: more alerts, logging disabled for 10 seconds
I have grsecurity RBAC deployed (Role-Based Access Control; if anyone is not familiar with it, find it on forums.grsecurity.net pls).
But I am starting to investigate now what this could be, without enabling RBAC, though still with a grsecurity kernel (I generally don't go online with Mr. Linus' plain non-hardened kernel --although they've recently copied a lot of code from grsecurity's original kernel patch, in the wake of Meltdown and Spectre computing disaster: the problem is Schmoogle the Goog controls now Linux security, and I don't trust unofficial world top spy agencies like the Schmoog to care for my security).
Again, in this post I only showed verifiably what I had (previously, very early in the morning CET) downloaded and installed (the uBlock0) in my Pale Moon when it crashed the first time after I compiled it and installed it, and how it crashed.
In the next post, I'll try reinstalling it, and try and analyze what happens (wrong).