[Dillo-dev] Github et alia login/cookies issue

miroslav.rovis1 at zg.ht.hr miroslav.rovis1 at zg.ht.hr
Tue Jul 7 16:57:57 CEST 2015


On Tue, Jul 07, 2015 at 01:53:22PM +0000, eocene wrote:
> miroslav.rovis1 wrote:
> > On Tue, Jul 07, 2015 at 10:27:30AM +0200, miroslav.rovis1 at zg.ht.hr wrote:
> > > "Something went wrong with that request. Please try again."
> > ...
> > > $ cat  ~/.dillo/cookiesrc 
> > > DEFAULT DENY
> > > .github.com ACCEPT
> > ...
> > > $
> > > 
> > ...
> > > LATER. I even got (and all the conf is the same, .github.com is in
> > > cookiesrc), just this morning 2015-07-07 09:35 right now, the:
> > > 
> > > "Cookies must be enabled to use GitHub."
> 
> I see what the problems are with github cookies.
> 
> 1. In cookiesrc, ".github.com" is for subdomains of github, and "github.com"
>    is for that host itself, so you need a "github.com" rule.
>
Yeah. It did occur to me, and I had removed the leading '.'. So that
line in 'cookiesrc' now looks:

github.com ACCEPT

But I still can't log in, and it probably is the 2. below that you
write.

> 2. I was reluctant to follow the full date parsing in RFC 6265 until I had a
>    compelling reason, but you have brought me a compelling reason. github's
>    cookies have expiration dates like "Sat, 07 Jul 2035 13:24:19 -0000", which
>    appears to be legal, but dillo doesn't recognize it. So I'll work on it.
> 
>    (By the way, I wonder why they think their cookie should last for 20 years.
>    Makes me feel that I haven't been wasting my time with being careful with
>    Year 2038 overflow on 32-bit machines...)
> 
However, it's even worse than that.

I get maybe a thousand lines per minute such as:

Jul  7 16:22:04 g0n kernel: grsec: (miro:U:/usr/lib64/dillo/dpi) exec of
/usr/lib64/dillo/dpi/cookies/cookies.dpi
(/usr/lib64/dillo/dpi/cookies/cookies.dpi ) by
/usr/lib64/dillo/dpi/cookies/cookies.dpi[dpid:1362] uid/euid:1000/1000
gid/egid:1000/1000, parent /usr/bin/dpid[dpid:6224] uid/euid:1000/1000
gid/egid:1000/1000

Now, the explanation is I use:

# cat /proc/sys/kernel/grsecurity/exec_logging 
1
#

the exec_logging functionality of the grsecurity-patched kernel. Excessive logs, true, but often I get the clues from those logs...

I said it was worse, and it is, in this sense. My:

~/.dillo/cookies.txt

had only that one line that I sent in the message:

http://lists.dillo.org/pipermail/dillo-dev/2015-July/010582.html

but now it has a great many more of them:

$ ls -l ~/.dillo/cookies.txt 
-rw------- 1 miro miro 24868 2015-07-07 11:34
/home/miro/.dillo/cookies.txt
$

$ cat ~/.dillo/cookies.txt  | wc -l
108
$

, and almost all those lines are from phpbb2mysql:

$ cat ~/.dillo/cookies.txt  | grep -v phpbb2mysql
# HTTP Cookie File
# This is a generated file!  Do not edit.
# [domain  subdomains  path  secure  expiry_time  name  value]

[cookies dpi]: Enabling cookies as per cookiesrc...
[cookies dpi]: Cookies loaded: 1.
[cookies dpi]: (v.1) accepting connections...
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com

Equally, all those lines are from forums.gentoo.org:

$ cat ~/.dillo/cookies.txt  | grep -v forums.gentoo.org
# HTTP Cookie File
# This is a generated file!  Do not edit.
# [domain  subdomains  path  secure  expiry_time  name  value]

[cookies dpi]: Enabling cookies as per cookiesrc...
[cookies dpi]: Cookies loaded: 1.
[cookies dpi]: (v.1) accepting connections...
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com

They look (I can, if I need to, look up all the variants, or encrypt them
to your key, or plaintext if someone convinces me there should be
nothing dangerous in revealing cookie content in this massive fashion; I
don't know, will be thankful for any advice)...

So those lines look like (a random one of those cca 100):

[cookies dpi]: forums.gentoo.org GETTING: Cookie:
phpbb2mysql_sid_s=a0cdf2e2eb297aa1127ff47385553234;
phpbb2mysql_data_s=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%34333s%3A6%3A%22182646%22%3B%7D;
phpbb2mysql_t=a%3A2%3A%7Bi%3A1016338%3Bi%3A1436261111%3Bi%3A1021456%3Bi%3A1436261138%3B%7D

(I changed just a few chars for my protection, really little knowledge
of cookies)

And I have done more work, and intend to do more, but I'll try and get,
I think I wrote that in some of the previous mails, the opinion from
forums.gresecurity.net on how to deploy gradm, the grsecurity
administration utility, how to reconfigure it on Dillo...

If I manage to open forums.gresecurity.net, because for some, probably
related reason, I can't currently. I tried, and it was just the Stop
icon with an 'x' in it going red, but wouldn't open.

Then I tried killing dillo (first I tried without '-9', not shown below):

# ps aux | grep dillo
root      1477  0.0  0.0  11584  2044 pts/10   S+   16:36   0:00 grep
--colour=auto dillo
miro      4527  0.0  0.0   4284  1424 tty6     S    10:30   0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
miro      4528  0.0  0.0   4408  1692 tty6     S    10:30   0:00
/usr/lib64/dillo/dpi/file/file.dpi
miro      4905  0.0  0.0   4288  1460 tty6     S    10:55   0:00
/usr/lib64/dillo/dpi/cookies/cookies.dpi
miro      6225  0.0  0.0   4284  1260 tty6     S    16:14   0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
#

And:

# killall -9 4527 4528 4905 6225
4527: no process found
4528: no process found
4905: no process found
6225: no process found
#

But still:

# ps aux | grep dillo
root      1485  0.0  0.0  11584  2168 pts/10   S+   16:37   0:00 grep
--colour=auto dillo
miro      4527  0.0  0.0   4284  1424 tty6     S    10:30   0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
miro      4528  0.0  0.0   4408  1692 tty6     S    10:30   0:00
/usr/lib64/dillo/dpi/file/file.dpi
miro      4905  0.0  0.0   4288  1460 tty6     S    10:55   0:00
/usr/lib64/dillo/dpi/cookies/cookies.dpi
miro      6225  0.0  0.0   4284  1260 tty6     S    16:14   0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
#

Anyway, all the dillo windows are closed. Trying again:

forums.gresecurity.net
No.

Finding it in https://duckduckgo.com/html and opening it from there:
worked.

Now, let me explain how it went (and I hope some of the advanced users
--or maybe even spender or PaX Team-- if they are reading this, I hope
it helps diagnose the problems, between you, devs of Dillo, and them, the
grsec/PaX devs).

(I will, next, try and post my dillo related configuration in a new post
that I will try and open in forums.gresecurity.net and then it will be a
complete report, without that post to be it is not yet.)

So, let me explain how it went:

The link (be it from grsecurity.net or from debian net domain, which I
tried also, as I wanted to show you that I evangelize for you, in
digression:

http://forums.debian.net/viewtopic.php?f=16&t=108616&p=584160#p584160
where find:

because I really like Gentoo and (Debian/Devuan?), and Dillo and
Postfix, and a lot of other programs

)

So [the link] begins to open, and those maybe 1000 lines per minute
begin to flood my /var/log/messages. Another typical one, just like the
one that I already gave closer to the start of this message of mine:

Jul  7 16:47:16 g0n kernel: grsec: (miro:U:/usr/lib64/dillo/dpi) exec of
/usr/lib64/dillo/dpi/cookies/cookies.dpi
(/usr/lib64/dillo/dpi/cookies/cookies.dpi ) by
/usr/lib64/dillo/dpi/cookies/cookies.dpi[dpid:28919] uid/euid:1000/1000
gid/egid:1000/1000, parent /usr/bin/dpid[dpid:28798] uid/euid:1000/1000
gid/egid:1000/1000

Then I, in another terminal, as root, issue:

# killall dpid

which for grsecurity.net page opening need be done maybe once or rarely
twice if at all, but for debian.net page opening needs to be done a few
times, as it keeps restarting...

And, if I missed to explain something, I'll try and remember and explain
in the next message.

As I said, for this to be complete, I need to get a better understanding
of how to sort my /etc/grsec/policy for my Dillo.

So next is posting the relevant current configuration on:

https://forums.grsecurity.net

-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
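
Added example, not part of the message above and not Dillo's code: a small C model of the cookiesrc matching described in point 1 of the quoted reply, where a leading dot covers subdomains only and a bare name covers that host only. The function names, first-match rule order and deny-when-no-DEFAULT behaviour are assumptions of this example, and the cookiesrc text passed to it is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive ASCII comparison of two host strings. */
static int host_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* ".example.org" covers subdomains only; "example.org" covers that host only
 * (semantics as described in the reply; hypothetical helper). */
static int rule_covers(const char *rule, const char *host) {
    size_t rl = strlen(rule), hl = strlen(host);
    if (rule[0] != '.') return host_eq(rule, host);
    return hl > rl && host_eq(host + (hl - rl), rule);
}

/* Returns 1 if a cookie SET for host would be accepted under the cookiesrc
 * text rc, else 0. Assumptions: first matching rule wins, '#' lines are
 * comments, and a file without a DEFAULT line denies. */
int cookiesrc_accepts(const char *rc, const char *host) {
    int def = 0, decision = -1;
    char dom[128], act[16];
    for (const char *p = rc; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        if (sscanf(p, " %127[^# \t\n] %15s", dom, act) != 2) continue;
        int accept = strcmp(act, "ACCEPT") == 0;
        if (strcmp(dom, "DEFAULT") == 0) def = accept;
        else if (decision < 0 && rule_covers(dom, host)) decision = accept;
    }
    return decision >= 0 ? decision : def;
}
```

With the two-line cookiesrc from the start of the thread this returns 0 for github.com, which corresponds to the "denied SET for github.com" lines in the dpi output.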
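
Added example, not part of the message above and not Dillo's code: a C implementation of the cookie-date algorithm from RFC 6265 section 5.1.1, applied to the expiry string quoted in point 2. It shows why the "-0000" suffix is harmless under that algorithm ('-' is a delimiter, and the leftover "0000" token is ignored once a year has been found). The function names and the clamp_time32 helper for a 32-bit timestamp store are assumptions of this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* RFC 6265 section 5.1.1 delimiters: tab and most punctuation, but not ':'. */
static const char DELIM[] = "\t !\"#$%&'()*+,-./;<=>?@[\\]^_`{|}~";
/* Count of leading digits if it is 1..max (value in *out), otherwise 0. */
static int digits(const char *s, size_t max, int *out) {
    size_t n = strspn(s, "0123456789");
    if (n < 1 || n > max) return 0;
    *out = atoi(s);
    return (int)n;
}
static int parse_time(const char *t, int *h, int *m, int *s) {
    int a = digits(t, 2, h), b;
    if (!a || t[a] != ':' || !(b = digits(t + a + 1, 2, m)) || t[a + b + 1] != ':') return 0;
    return digits(t + a + b + 2, 2, s) > 0;
}
static int month_of(const char *t) {
    static const char names[] = "janfebmaraprmayjunjulaugsepoctnovdec";
    char k[3] = {0};
    for (int i = 0; i < 3 && t[i]; i++) k[i] = (char)tolower((unsigned char)t[i]);
    for (int i = 0; i < 12; i++) if (!memcmp(k, names + 3 * i, 3)) return i + 1;
    return 0;
}
static int64_t days_from_civil(int64_t y, int m, int d) { /* days since 1970-01-01, y >= 0 */
    y -= m <= 2;
    int64_t yoe = y % 400, doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    return y / 400 * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}
/* Returns 1 and stores seconds since the epoch (UTC) in *out, or 0 on failure. */
int cookie_date_parse(const char *str, int64_t *out) {
    int h = 0, mi = 0, s = 0, day = 0, mon = 0, year = 0, v = 0, got = 0;
    for (const char *t = str + strspn(str, DELIM); *t; t += strcspn(t, DELIM), t += strspn(t, DELIM)) {
        if (!(got & 1) && parse_time(t, &h, &mi, &s)) got |= 1;
        else if (!(got & 2) && digits(t, 2, &v)) { day = v; got |= 2; }
        else if (!(got & 4) && (v = month_of(t))) { mon = v; got |= 4; }
        else if (!(got & 8) && digits(t, 4, &v) >= 2) { year = v; got |= 8; }
    }
    if (got != 15) return 0; /* time, day, month and year must all be present */
    if (year <= 69) year += 2000; else if (year <= 99) year += 1900;
    int dim = (int)(days_from_civil(year, mon + 1, 1) - days_from_civil(year, mon, 1));
    if (year < 1601 || day < 1 || day > dim || h > 23 || mi > 59 || s > 59) return 0;
    *out = days_from_civil(year, mon, day) * 86400 + h * 3600 + mi * 60 + s;
    return 1;
}
int32_t clamp_time32(int64_t t) { /* saturate, do not truncate, for 32-bit stores (Year 2038) */
    return t > INT32_MAX ? INT32_MAX : t < INT32_MIN ? INT32_MIN : (int32_t)t;
}
```

The 2035 expiry from the thread still fits in a signed 32-bit timestamp; the saturating store only changes the result for dates after 19 Jan 2038 03:14:07 UTC.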