On Tue, Jul 07, 2015 at 01:53:22PM +0000, eocene wrote:
> miroslav.rovis1 wrote:
> > On Tue, Jul 07, 2015 at 10:27:30AM +0200, mirosla...@zg.ht.hr wrote:
> > > "Something went wrong with that request. Please try again."
> > ...
> > > $ cat ~/.dillo/cookiesrc
> > > DEFAULT DENY
> > > .github.com ACCEPT
> > ...
> > > $
> > >
> > ...
> > > LATER. I even got (and all the conf is the same, .github.com is in
> > > cookiesrc), just this morning 2015-07-07 09:35 right now, the:
> > >
> > > "Cookies must be enabled to use GitHub."
>
> I see what the problems are with github cookies.
>
> 1. In cookiesrc, ".github.com" is for subdomains of github, and "github.com"
> is for that host itself, so you need a "github.com" rule.
>
Yeah. It did occur to me, and I had removed the leading '.'. So that
line in 'cookiesrc' now looks:
github.com ACCEPT
But I still can't log in, and it probably is the 2. below that you
write.
> 2. I was reluctant to follow the full date parsing in RFC 6265 until I had a
> compelling reason, but you have brought me a compelling reason. github's
> cookies have expiration dates like "Sat, 07 Jul 2035 13:24:19 -0000", which
> appears to be legal, but dillo doesn't recognize it. So I'll work on it.
>
> (By the way, I wonder why they think their cookie should last for 20 years.
> Makes me feel that I haven't been wasting my time with being careful with
> Year 2038 overflow on 32-bit machines...)
>
However, it's even worse than that.
I get maybe a thousand lines per minute such as:
Jul 7 16:22:04 g0n kernel: grsec: (miro:U:/usr/lib64/dillo/dpi) exec of
/usr/lib64/dillo/dpi/cookies/cookies.dpi
(/usr/lib64/dillo/dpi/cookies/cookies.dpi ) by
/usr/lib64/dillo/dpi/cookies/cookies.dpi[dpid:1362] uid/euid:1000/1000
gid/egid:1000/1000, parent /usr/bin/dpid[dpid:6224] uid/euid:1000/1000
gid/egid:1000/1000
Now, the explanation is I use:
# cat /proc/sys/kernel/grsecurity/exec_logging
1
#
the exec_logging functionality of the grsecurity-patched kernel. Excessive logs, true, but often I get the clues from those logs...
I said it was worse, and in this sense. My:
~/.dillo/cookies.txt
had only that one line that I send in the message:
http://lists.dillo.org/pipermail/dillo-dev/2015-July/010582.html
but now it has a huge many more of them:
$ ls -l ~/.dillo/cookies.txt
-rw------- 1 miro miro 24868 2015-07-07 11:34 /home/miro/.dillo/cookies.txt
$
$ cat ~/.dillo/cookies.txt | wc -l
108
$
, and almost all those lines are from phpbb2mysql:
$ cat ~/.dillo/cookies.txt | grep -v phpbb2mysql
# HTTP Cookie File
# This is a generated file! Do not edit.
# [domain subdomains path secure expiry_time name value]
[cookies dpi]: Enabling cookies as per cookiesrc...
[cookies dpi]: Cookies loaded: 1.
[cookies dpi]: (v.1) accepting connections...
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com
Equally, all those lines are from forums.gentoo.org:
$ cat ~/.dillo/cookies.txt | grep -v forums.gentoo.org
# HTTP Cookie File
# This is a generated file! Do not edit.
# [domain subdomains path secure expiry_time name value]
[cookies dpi]: Enabling cookies as per cookiesrc...
[cookies dpi]: Cookies loaded: 1.
[cookies dpi]: (v.1) accepting connections...
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com
[cookies dpi]: denied SET for github.com
They look I can if I need to, look up all the variants, or encrypt them
to your key, or plaintext if someone convinces me there should be
nothing dangerous in revealing cookie content in this massive fashion; I
don't know, will be thankful for any advice)...
So those lines look like (a random one of those cca 100):
[cookies dpi]: forums.gentoo.org GETTING: Cookie:
phpbb2mysql_sid_s=a0cdf2e2eb297aa1127ff47385553234;
phpbb2mysql_data_s=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%34333s%3A6%3A%22182646%22%3B%7D;
phpbb2mysql_t=a%3A2%3A%7Bi%3A1016338%3Bi%3A1436261111%3Bi%3A1021456%3Bi%3A1436261138%3B%7D
(I changed just a few chars for my protection, really little knowledge
of cookies)
And I have done more work, and intend to do more, but I'll try and get,
I think I wrote that in some of the previous mails, the opinion from
forums.gresecurity.net on how to deploy gradm, the grsecurity
administration utility, how to reconfigure it on Dillo...
If I manage to open forums.gresecurity.net, because for some, probably
related reason, I can't currently. I tried, and it was just the Stop
icon with an 'x' in it going red, but wouldn't open.
Then I tried killing dillo (first I tried without '-9', not shown below):
# ps aux | grep dillo
root 1477 0.0 0.0 11584 2044 pts/10 S+ 16:36 0:00 grep
--colour=auto dillo
miro 4527 0.0 0.0 4284 1424 tty6 S 10:30 0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
miro 4528 0.0 0.0 4408 1692 tty6 S 10:30 0:00
/usr/lib64/dillo/dpi/file/file.dpi
miro 4905 0.0 0.0 4288 1460 tty6 S 10:55 0:00
/usr/lib64/dillo/dpi/cookies/cookies.dpi
miro 6225 0.0 0.0 4284 1260 tty6 S 16:14 0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
#
And:
# killall -9 4527 4528 4905 6225
4527: no process found
4528: no process found
4905: no process found
6225: no process found
#
But still:
# ps aux | grep dillo
root 1485 0.0 0.0 11584 2168 pts/10 S+ 16:37 0:00 grep
--colour=auto dillo
miro 4527 0.0 0.0 4284 1424 tty6 S 10:30 0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
miro 4528 0.0 0.0 4408 1692 tty6 S 10:30 0:00
/usr/lib64/dillo/dpi/file/file.dpi
miro 4905 0.0 0.0 4288 1460 tty6 S 10:55 0:00
/usr/lib64/dillo/dpi/cookies/cookies.dpi
miro 6225 0.0 0.0 4284 1260 tty6 S 16:14 0:00
/usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi
#
Anyway, all the dillo windows are closed. Trying again:
forums.gresecurity.net
No.
Finding it in https://duckduckgo.com/html and opening it from there:
worked.
Now, let me explain how it went (and I hope some of the advanced users
--or maybe even spender or PaX Team-- if they are reading this, I hope
it helps diagnose the problems, btwn you, devs of Dillo, and them, the
grsec/PaX devs.
(I will, next, try and post my dillo related configuration in a new post
that I will try and open in forums.gresecurity.net and then it will be a
complete report, without that post to be it is not yet.)
So, let me explain how it went:
The link (be it from grsecurity.net or from debian net domain, which I
tried also, as I wanted to show you that I evangelize for you, in
digression:
http://forums.debian.net/viewtopic.php?f=16&t=108616&p=584160#p584160
where find:
because I really like Gentoo and (Debian/Devuan?), and Dillo and
Postfix, and a lot of other programs
)
So [the link] begins to open, and those maybe 1000 lines per minute
begin to flood my /var/log/messages, Another typical one, just like the
one that I already gave closer to the start of this message of mine:
Jul 7 16:47:16 g0n kernel: grsec: (miro:U:/usr/lib64/dillo/dpi) exec of
/usr/lib64/dillo/dpi/cookies/cookies.dpi
(/usr/lib64/dillo/dpi/cookies/cookies.dpi ) by
/usr/lib64/dillo/dpi/cookies/cookies.dpi[dpid:28919] uid/euid:1000/1000
gid/egid:1000/1000, parent /usr/bin/dpid[dpid:28798] uid/euid:1000/1000
gid/egid:1000/1000
Then I, in another terminal, as root, issue:
# killall dpid
which for grsecurity.net page opening need be done maybe once or rarely
twice if at all, but for debian.net page opening needs to be done a few
times, as it keeps restarting...
And, if I missed to explain something, I'll try and remember and explain
in the next message.
As I said, for this to be complete, I need to get a better understanding
of how to sort my /etc/grsec/policy for my Dillo.
So next is posting the relevant current configuration on:
https://forums.grsecurity.net
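
Added example, not part of the original message and not Dillo's own code: the token-based cookie-date parse of RFC 6265 section 5.1.1 that point 2 of the quoted reply refers to, applied to the expiry string from the thread, with 64-bit epoch arithmetic and a saturating conversion for a 32-bit time_t. The function names and the COOKIE_DATE_BAD sentinel are assumptions made for this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <strings.h>
#define COOKIE_DATE_BAD INT64_MIN /* failure sentinel, an assumption of this example */
/* RFC 6265 5.1.1 delimiters: '-' and '+' are delimiters, ':' is not. */
static int is_delim(unsigned char c) {
    return c == 0x09 || (c >= 0x20 && c <= 0x2F) || (c >= 0x3B && c <= 0x40) ||
           (c >= 0x5B && c <= 0x60) || (c >= 0x7B && c <= 0x7E);
}
static int month_of(const char *s, size_t n) {
    static const char mon[] = "janfebmaraprmayjunjulaugsepoctnovdec";
    for (int i = 0; n >= 3 && i < 12; i++)
        if (strncasecmp(s, mon + 3 * i, 3) == 0) return i + 1;
    return 0;
}
/* Days since 1970-01-01 for a Gregorian date, computed in 64 bits. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = y / 400, yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}
/* Each token fills the first still-empty field it matches; the rest are ignored. */
int64_t parse_cookie_date(const char *s) {
    int h = -1, mi = 0, sec = 0, day = -1, month = -1, year = -1, a, b, c, k = 0;
    for (size_t n = 0; *s; s += n) {
        while (is_delim((unsigned char)*s)) s++;
        for (n = 0; s[n] && !is_delim((unsigned char)s[n]); n++) {}
        int dig = isdigit((unsigned char)*s);
        if (h < 0 && dig && sscanf(s, "%2d:%2d:%2d%n", &a, &b, &c, &k) == 3 &&
            (size_t)k <= n && !isdigit((unsigned char)s[k])) { h = a; mi = b; sec = c; }
        else if (day < 0 && dig && sscanf(s, "%2d%n", &a, &k) == 1 &&
                 !isdigit((unsigned char)s[k])) day = a;
        else if (month < 0 && (a = month_of(s, n)) > 0) month = a;
        else if (year < 0 && dig && sscanf(s, "%4d%n", &a, &k) == 1 && k >= 2 &&
                 !isdigit((unsigned char)s[k])) year = a;
    }
    if (year >= 0 && year <= 99) year += year >= 70 ? 1900 : 2000;
    if (h < 0 || h > 23 || mi > 59 || sec > 59 || day < 1 || day > 31 ||
        month < 0 || year < 1601) return COOKIE_DATE_BAD;
    return days_from_civil(year, month, day) * 86400 + h * 3600 + mi * 60 + sec;
}
/* Saturate for a 32-bit signed time_t so post-2038 expiries do not wrap negative. */
int32_t to_time32(int64_t t) { /* caller checks COOKIE_DATE_BAD first */
    return t > INT32_MAX ? INT32_MAX : t < INT32_MIN ? INT32_MIN : (int32_t)t;
}
int main(void) { /* expiry string quoted in the thread; prints 2067427459 */
    printf("%lld\n", (long long)parse_cookie_date("Sat, 07 Jul 2035 13:24:19 -0000"));
}
```

Because '-' is a delimiter, the trailing "-0000" becomes the token "0000", which matches no still-empty field and is dropped, so the time is taken as UTC. The 2035 expiry still fits in a signed 32-bit time_t; only dates after 2038-01-19 saturate.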