On Tue, Jul 07, 2015 at 01:53:22PM +0000, eocene wrote:
miroslav.rovis1 wrote:
On Tue, Jul 07, 2015 at 10:27:30AM +0200, miroslav.rovis1 at zg.ht.hr wrote:
"Something went wrong with that request. Please try again." ... $ cat ~/.dillo/cookiesrc DEFAULT DENY .github.com ACCEPT ... $
...
LATER. I even got (and all the conf is the same, .gitbub,com is in cookiesrc), just this morning 2015-07-07 09:35 right now, the:
"Cookies must be enabled to use GitHub."
I see what the problems are with github cookies.
1. In cookiesrc, ".github.com" is for subdomains of github, and "github.com" is for that host itself, so you need a "github.com" rule.
Yeah. It did occur to me, and I had removed the leading '.'. So that line in 'cookiesrc' now looks: github.com ACCEPT But I still can't log in, and it probably is the 2. below that you write.
2. I was reluctant to follow the full date parsing in RFC 6265 until I had a compelling reason, but you have brought me a compelling reason. github's cookies have expiration dates like "Sat, 07 Jul 2035 13:24:19 -0000", which appears to be legal, but dillo doesn't recognize it. So I'll work on it.
(By the way, I wonder why they think their cookie should last for 20 years. Makes me feel that I haven't been wasting my time with being careful with Year 2038 overflow on 32-bit machines...)
However, it's even worse than that. I get maybe a thousand of lines per minute such as: Jul 7 16:22:04 g0n kernel: grsec: (miro:U:/usr/lib64/dillo/dpi) exec of /usr/lib64/dillo/dpi/cookies/cookies.dpi (/usr/lib64/dillo/dpi/cookies/cookies.dpi ) by /usr/lib64/dillo/dpi/cookies/cookies.dpi[dpid:1362] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/dpid[dpid:6224] uid/euid:1000/1000 gid/egid:1000/1000 Now, the explanation is I use: # cat /proc/sys/kernel/grsecurity/exec_logging 1 # the exec_logging functionality of the grsecurity-patched kernel. Excessive logs, true, but often I get the clues from those logs... I said it was worse, and it this sense. My: ~/.dillo/cookies.txt had only that one line that I send in the message: http://lists.dillo.org/pipermail/dillo-dev/2015-July/010582.html but now it has a huge many more of them: $ ls -l ~/.dillo/cookies.txt -rw------- 1 miro miro 24868 2015-07-07 11:34 /home/miro/.dillo/cookies.txt $ $ cat ~/.dillo/cookies.txt | wc -l 108 $ , and almost all those lines are from phpbb2mysql: $ cat ~/.dillo/cookies.txt | grep -v phpbb2mysql # HTTP Cookie File # This is a generated file! Do not edit. # [domain subdomains path secure expiry_time name value] [cookies dpi]: Enabling cookies as per cookiesrc... [cookies dpi]: Cookies loaded: 1. [cookies dpi]: (v.1) accepting connections... [cookies dpi]: denied SET for github.com [cookies dpi]: denied SET for github.com [cookies dpi]: denied SET for github.com Equally, all those lines are from forums.gentoo.org: $ cat ~/.dillo/cookies.txt | grep -v forums.gentoo.org # HTTP Cookie File # This is a generated file! Do not edit. # [domain subdomains path secure expiry_time name value] [cookies dpi]: Enabling cookies as per cookiesrc... [cookies dpi]: Cookies loaded: 1. [cookies dpi]: (v.1) accepting connections... [cookies dpi]: denied SET for github.com [cookies dpi]: denied SET for github.com [cookies dpi]: denied SET for github.com They look I can if I need to, look up all the variants, or encrypt then to your key, or plaintext if someone convinces me there should be nothing dangerous in revealing cookie content in this massive fashion; I don't know, will be thankful for any advice)... So those lines look like (a random one of those cca 100: [cookies dpi]: forums.gentoo.org GETTING: Cookie: phpbb2mysql_sid_s=a0cdf2e2eb297aa1127ff47385553234; phpbb2mysql_data_s=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%34333s%3A6%3A%22182646%22%3B%7D; phpbb2mysql_t=a%3A2%3A%7Bi%3A1016338%3Bi%3A1436261111%3Bi%3A1021456%3Bi%3A1436261138%3B%7D (I changed just a few chars for my protection, really little knowledge of cookies) And I have done more work, and intend to do more, but I'll try and get, I think I wrote that in some of the previous mails, the opinion from forums.gresecurity.net on how to deply gradm, the grsecurity administration utility, how to reconfofigure it on Dillo... If I manage to open forums.gresecurity.net, because for some, probably related reason, I can't currently. I tried, and it was just the Stop icon with an 'x' in it going red, but wouldn't open. Then I tried killing dillo (first I tried without '-9', not shown below): # ps aux | grep dillo root 1477 0.0 0.0 11584 2044 pts/10 S+ 16:36 0:00 grep --colour=auto dillo miro 4527 0.0 0.0 4284 1424 tty6 S 10:30 0:00 /usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi miro 4528 0.0 0.0 4408 1692 tty6 S 10:30 0:00 /usr/lib64/dillo/dpi/file/file.dpi miro 4905 0.0 0.0 4288 1460 tty6 S 10:55 0:00 /usr/lib64/dillo/dpi/cookies/cookies.dpi miro 6225 0.0 0.0 4284 1260 tty6 S 16:14 0:00 /usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi # And: # killall -9 4527 4528 4905 6225 4527: no process found 4528: no process found 4905: no process found 6225: no process found # But still: # ps aux | grep dillo root 1485 0.0 0.0 11584 2168 pts/10 S+ 16:37 0:00 grep --colour=auto dillo miro 4527 0.0 0.0 4284 1424 tty6 S 10:30 0:00 /usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi miro 4528 0.0 0.0 4408 1692 tty6 S 10:30 0:00 /usr/lib64/dillo/dpi/file/file.dpi miro 4905 0.0 0.0 4288 1460 tty6 S 10:55 0:00 /usr/lib64/dillo/dpi/cookies/cookies.dpi miro 6225 0.0 0.0 4284 1260 tty6 S 16:14 0:00 /usr/lib64/dillo/dpi/bookmarks/bookmarks.dpi # Anyway, all the dillo windows are close. Trying again: forums.gresecurity.net No. Finding it in https://duckduckgo.com/html and opening it from there: worked. Now, let me explain how it went (and I hope some of the advanced users --or maybe even spender or PaX Team-- if they are reading this, I hope it helps diagnose the problems, btwn you, devs od Dillo, and them, the grsec/PaX devs. (I will, next, try and post my dillo related configuration in a new post that I will try and open in forums.gresecurity.net and then it will be a complete report, without that post to be it is not yet.) So, let me explain how it went: The link (be it from grsecurity.net or from debian net domain, which I tried also, as I wanted to show you that I evangelize for you, in digressiona: http://forums.debian.net/viewtopic.php?f=16&t=108616&p=584160#p584160 where find: because I really like Gentoo and (Debian/Devuan?), and Dillo and Postfix, and a lot of other programs ) So [the link] begins to open, and those maybe 1000 lines per minute begin to flood my /var/log/messages, Another typical one, just like the one that I already gave closer to the start of this message of mine: Jul 7 16:47:16 g0n kernel: grsec: (miro:U:/usr/lib64/dillo/dpi) exec of /usr/lib64/dillo/dpi/cookies/cookies.dpi (/usr/lib64/dillo/dpi/cookies/cookies.dpi ) by /usr/lib64/dillo/dpi/cookies/cookies.dpi[dpid:28919] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/dpid[dpid:28798] uid/euid:1000/1000 gid/egid:1000/1000 Then I, in another terminal, as root, issue: # killall dpid which for grsecurity.net page opening need be done maybe once or rarely twice if at all, but for debian.net page opening needs to be done a few times, as it keeps restarting... And, if I missed to explain something, I'll try and remember and explain in the next message. As I said, for this to be complete, I need to get a better understanding of how to sort my /etc/grsec/policy for my Dillo. So next is posting the relevant current configuration on: https://forums.grsecurity.net -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr