# Chromium doesn't work after chmod [solved]

## hrnick

Hi!

I've lately gone through the Gentoo Security Handbook in order to make my system less vulnerable. I followed the steps in the file permissions section and specifically the world or group writable section.

After changing the permissions (chmod o-w as specified in the guide) chromium and libreoffice couldn't start but I fixed libreoffice by restoring o+w to /var/tmp and I suspect there's something similar going on with chromium. This is the output I get when trying to start chromium:

```
[15311:15320:0428/193500.823233:FATAL:memory.cc(22)] Out of memory. size=131072

#0 0x55768dce6ddc <unknown>

#1 0x55768dcfe91e <unknown>

#2 0x55768dd22b6e <unknown>

#3 0x55768dd09c22 <unknown>

#4 0x55768dd09dd0 <unknown>

#5 0x55768c98a0e9 <unknown>

#6 0x55768c988431 <unknown>

#7 0x55768c988285 <unknown>

#8 0x55768c977943 <unknown>

#9 0x55768dce75ad <unknown>

#10 0x55768dd046e1 <unknown>

#11 0x55768dd04c78 <unknown>

#12 0x55768dd06779 <unknown>

#13 0x55768dd29405 <unknown>

#14 0x55768c810ab8 <unknown>

#15 0x55768c810c31 <unknown>

#16 0x55768dd50b92 <unknown>

#17 0x55768dd4eecd <unknown>

#18 0x7f250613a92a start_thread

#19 0x7f24fb66c65f clone

Received signal 6

#0 0x55768dce6ddc <unknown>

#1 0x55768dce6941 <unknown>

#2 0x7f2506147180 <unknown>

#3 0x7f24fb59ffb0 gsignal

#4 0x7f24fb5a1b07 abort

#5 0x55768dce5135 <unknown>

#6 0x55768dcfec0c <unknown>

#7 0x55768dd22b6e <unknown>

#8 0x55768dd09c22 <unknown>

#9 0x55768dd09dd0 <unknown>

#10 0x55768c98a0e9 <unknown>

#11 0x55768c988431 <unknown>

#12 0x55768c988285 <unknown>

#13 0x55768c977943 <unknown>

#14 0x55768dce75ad <unknown>

#15 0x55768dd046e1 <unknown>

#16 0x55768dd04c78 <unknown>

#17 0x55768dd06779 <unknown>

#18 0x55768dd29405 <unknown>

#19 0x55768c810ab8 <unknown>

#20 0x55768c810c31 <unknown>

#21 0x55768dd50b92 <unknown>

#22 0x55768dd4eecd <unknown>

#23 0x7f250613a92a start_thread

#24 0x7f24fb66c65f clone

  r8: 0000000000000000  r9: 00007f24e3ffd580 r10: 0000000000000008 r11: 0000000000000246

 r12: 00007f24fbf45cc0 r13: 00007f24e3ffdc98 r14: 000000000000004f r15: 00007f24e3ffdc90

  di: 0000000000000002  si: 00007f24e3ffd580  bp: 00007f24e3ffd7d0  bx: 0000000000000006

  dx: 0000000000000000  ax: 0000000000000000  cx: 00007f24fb59ffb0  sp: 00007f24e3ffd580

  ip: 00007f24fb59ffb0 efl: 0000000000000246 cgf: 002b000000000033 erf: 0000000000000000

 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000

[end of stack trace]

Calling _exit(1). Core file will not be generated.
```

Unfortunately I'm not sure exactly what files/directories I changed the permission for (lesson learned). Does anyone have an idea on what permissions I need to restore where in order for chromium to run again?

Thanks in advance!Last edited by hrnick on Tue May 01, 2018 4:29 pm; edited 1 time in total

----------

## Hu

I don't have a direct answer for you, but I do have a way you can try to solve this.  Use strace (from dev-util/strace) to monitor all system calls made by the program(s).  It will show you system call inputs and outputs, so you can see which paths the program tries to access, which of those succeed, and which fail.  Look for paths that fail with "Permission denied" for requests that require write access.  Cross-check that against paths that you likely would have changed the permissions on.  If you're not sure, post here all the denied paths.  Some denials may be legitimate if the program goes exploring to test the limits of its reach, so do not blindly grant access solely on the basis that it is currently denied.

----------

## hrnick

Thanks for your reply!

Here's the output from:

# strace chromium 2> trace.txt

And for comparison here's:

# sudo strace chromium --no-sandbox 2> trace2.txt (which works as expected so it's likely a permission related problem)

I tried setting o+w for files in /sys/fs since those files are opened right before the permission denied message but it didn't make a difference. Any suggestions on what to try next?

Thanks again!

----------

## Ant P.

Nothing in /sys should ever be chmod o+w. You have a really screwed up and potentially vulnerable system, first reboot to get the virtual filesystems back into a sane state, then we can go from there.

----------

## hrnick

Well that struck me as odd as well and I made sure to chmod o-w it right away after trying. I just wanted to see if it made a difference.

It turns out that chromium started just fine after rebooting the system. I was a little reluctant to do so right away in case anything else was broken after my chmod adventures. Anyway, this seems solved now.

Thanks for your help!

----------

