pwned through vivaldi? 1.6.689.46
-
Hi all!
Earlier I went to this OCH to download something, and Vivaldi completely froze.
I run the abovementioned version on Slackware64, with µBlock Origin.
I could only kill Vivaldi as root. KSysGuard showed this suspicious line. (screenshot from KSysGuard)
Is a process supposed to be there with such privilege during normal operation or did I get owned?
-
"one click hoster"
My Vivaldi is from SlackBuilds.org, it is just a repackage of the official .deb.
So it is not normal to have a Vivaldi process with root privilege? Notice KSysGuard (running as the user I also started Vivaldi as) couldn't even read the process name or CPU load of the process in the screenshot.
The Vivaldi command line in my launcher (KMenu) is just
/usr/bin/vivaldi %U
-
@K85 The main Vivaldi executable should not be run as root, but one file (the sandbox) can be run as root as it is a setuid, root-owned binary.
However it does not need to be setuid if you are using the default, generic kernel for Slackware 64 14.2, so feel free to remove these lines from the slackbuild if you like:
chown root:root $PKG/opt/vivaldi/vivaldi-sandbox
chmod 4755 $PKG/opt/vivaldi/vivaldi-sandbox
You might also want to reach out to the maintainer (Edinaldo P. Silva) or one of the slackbuild team and ask them to make this change to the SlackBuild. Or I can, if you like, since many in the Slackware community know me.
P.S. If you want to learn more about the sandbox issue:
https://vivaldi.net/teamblog/79-sandbox-issues-when-installing-to-non-standard-locations-on-linux
-
As to the freezing, can you reproduce it? Were you viewing a specific website?
-
Thanks Ruari! I'll try reproducing... Might take some hours though
I'll write the SlackBuild maintainer myself.
-
I can't reproduce it, *=)(§$! Maybe I can't remember all the context, but I think the page is just not the same.
But as vivaldi://sandbox/ says the SUID sandbox isn't used, there definitely was something fishy going on, right? I just want to know how likely it is that my system has been compromised. I'll repackage Vivaldi without the setuid (edit: for my machine). Edinaldo already answered me that he will make the change with the next update.
-
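A check for the two things this thread turns on: whether the sandbox helper on disk is setuid root, and which Vivaldi-named processes have effective UID 0. This is an added example, not part of any post above; it assumes Linux /proc, GNU stat and the /opt/vivaldi/vivaldi-sandbox path from the quoted SlackBuild lines, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes Linux /proc and GNU stat.
# Default path is the install location named in the SlackBuild lines above.
SANDBOX=${SANDBOX:-/opt/vivaldi/vivaldi-sandbox}

# classify_mode OCTAL_MODE OWNER_UID
# Prints not-setuid, setuid-root or setuid-nonroot. Setuid is the 04000 bit.
classify_mode() {
    if [ $(( 0$1 & 04000 )) -eq 0 ]; then echo not-setuid
    elif [ "$2" -eq 0 ]; then echo setuid-root
    else echo setuid-nonroot
    fi
}

# sandbox_state FILE: classify FILE from its on-disk mode and owner.
sandbox_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    set -- $(stat -c '%a %u' "$1")
    classify_mode "$1" "$2"
}

# root_procs PATTERN [PROCDIR]
# Prints "PID NAME" for each process whose name contains PATTERN and whose
# effective UID (second number on the Uid: line of status) is 0.
root_procs() {
    for s in "${2:-/proc}"/[0-9]*/status; do
        [ -r "$s" ] || continue
        pid=${s%/status}; pid=${pid##*/}
        awk -v pat="$1" -v pid="$pid" '
            BEGIN { euid = -1 }
            $1 == "Name:" { name = $2 }
            $1 == "Uid:"  { euid = $3 }
            END { if (index(name, pat) && euid == 0) print pid, name }
        ' "$s" 2>/dev/null || :
    done
}

sandbox_report() {
    echo "$SANDBOX: $(sandbox_state "$SANDBOX")"
    echo "processes matching 'vivaldi' with effective UID 0:"
    root_procs vivaldi
}
sandbox_report
```

After repackaging without the chown/chmod lines, the first line of the report should read not-setuid.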