Linux appimage quirk

[JiffB]

Hi patchworkers,

apparently, this appimage tries to create a SUID mountpoint into /tmp, however for security reason, /tmp, /var/tmp & /home are mounted : rw,nosuid,nodev,noexec,noatime,attr2,inode64,noquota

$ ./Patchwork-3.17.5.AppImage 
[7613:0311/010547.607484:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_PatchwaMIoWo/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap

Is there a way to at least specify another place for this mountpoint at launch?

Jean-Yves

[black-puppydog]

Hi @JiffB.
That's actually a documented and "intended" (by the electron crew, not by us) behaviour. See #1217 for discussion.
You should be able to fix it either by changing a kernel setting, or you can pass -- --no-sandbox (note the double double dashes) when launching the appimage.

[JiffB]

Hi @black-puppydog
Nope Black, the puppy dog is crushed either way :

$ ./Patchwork-3.17.5.AppImage -- --no-sandbox
[26421:0311/124831.515404:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /tmp/.mount_PatchwUsBIyc/chrome-sandbox is owned by root and has mode 4755.
Trace/breakpoint trap

and just in case, I tried without the double dashes :

$ ./Patchwork-3.17.5.AppImage --no-sandbox
{
  path: '/home/niff/.ssb',
  party: true,
  timeout: 0,
  pub: true,
  local: true,
  friends: { dunbar: 150, hops: 2 },
  gossip: { connections: 3, autoPopulate: false },
  connections: {
    outgoing: {
      net: [ { transform: 'shs' } ],
      onion: [ { transform: 'shs' } ],
      tunnel: [ { transform: 'shs' } ]
    },
    incoming: {
      net: [
        {
          host: '127.0.0.1',
          port: 8008,
          scope: [ 'device' ],
          transform: 'shs'
        },
        {
          host: '192.168.1.233',
          port: 8008,
          scope: [ 'local' ],
          transform: 'shs'
        }
      ],
      ws: [
        {
          host: '127.0.0.1',
          port: 8989,
          scope: [ 'device' ],
          transform: 'shs'
        },
        {
          host: '192.168.1.233',
          port: 8989,
          scope: [ 'local' ],
          transform: 'shs'
        }
      ],
      unix: [ { scope: 'device', transform: 'noauth' } ],
      tunnel: [ { scope: 'public', transform: 'shs' } ]
    }
  },
  timers: { connection: 0, reconnect: 5000, ping: 300000, handshake: 5000 },
  caps: {
    shs: 'xxxxxxxxx',
    sign: null,
    invite: 'xxxxxxxxx'
  },
  master: [],
  logging: { level: 'notice' },
  port: 8008,
  blobsPort: 8989,
  server: true,
  _: [],
  host: '192.168.1.233',
  ws: {
    host: '192.168.1.233',
    port: 8989,
    scope: [ 'local' ],
    transform: 'shs'
  },
  keys: {
    curve: 'ed25519',
    public: 'xxxxxxxxx',
    private: null,
    id: 'xxxxxxxxx'
  },
  remote: 'unix:/home/niff/.ssb/socket:~noauth:xxxxxxxxx'
}
[27153:0311/125337.351691:ERROR:buffer_manager.cc(488)] [.DisplayCompositor]GL ERROR :GL_INVALID_OPERATION : glBufferData: <- error from previous GL command
Error: /tmp/.org.chromium.Chromium.Q4Eraj: failed to map segment from shared object
    at process.func (electron/js2c/asar.js:138:31)
    at process.func [as dlopen] (electron/js2c/asar.js:138:31)
    at Object.Module._extensions..node (internal/modules/cjs/loader.js:828:18)
    at Object.func (electron/js2c/asar.js:138:31)
    at Object.func [as .node] (electron/js2c/asar.js:147:18)
    at Module.load (internal/modules/cjs/loader.js:645:32)
    at Function.Module._load (internal/modules/cjs/loader.js:560:12)
    at Module.require (internal/modules/cjs/loader.js:685:19)
    at require (internal/modules/cjs/helpers.js:16:16)
    at load (/tmp/.mount_Patchw5Op1tj/resources/app.asar/node_modules/node-gyp-build/index.js:20:10)
(node:27122) UnhandledPromiseRejectionWarning: Error: Script failed to execute, this normally means an error was thrown. Check the renderer console for the error.
    at WebFrame.<computed> (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/api/web-frame.js:64:33)
    at WebFrame.executeJavaScript (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/common/api/deprecate.js:114:32)
    at /tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/web-frame-init.js:11:43
    at /tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/ipc-renderer-internal-utils.js:7:40
    at new Promise (<anonymous>)
    at EventEmitter.<anonymous> (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/ipc-renderer-internal-utils.js:7:9)
    at EventEmitter.emit (events.js:200:13)
    at Object.onMessage (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/init.js:42:16)
(node:27122) UnhandledPromiseRejectionWarning: Error: Script failed to execute, this normally means an error was thrown. Check the renderer console for the error.
    at WebFrame.<computed> (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/api/web-frame.js:64:33)
    at WebFrame.executeJavaScript (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/common/api/deprecate.js:114:32)
    at /tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/web-frame-init.js:11:43
    at /tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/ipc-renderer-internal-utils.js:7:40
    at new Promise (<anonymous>)
    at EventEmitter.<anonymous> (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/ipc-renderer-internal-utils.js:7:9)
    at EventEmitter.emit (events.js:200:13)
    at Object.onMessage (/tmp/.mount_Patchw5Op1tj/resources/electron.asar/renderer/init.js:42:16)
(node:27122) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:27122) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:27122) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
(node:27122) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

NB: CTRL-C to recover (pgm stuck at this point).

May be I'm cursed by the NZ gossip gods :/

[black-puppydog]

oh right. sorry, the DDdashes were sth I got used to from running npm directly :P
the good news is: that new error is something else, not the sandbox. Everybody YAY!....questionmark? :)

[black-puppydog]

Disclaimer: I don't really know what I'm doing here either. But signal (another electron app) had similar issues discussed here
and the comment there says it worked after mount -o remount,exec /tmp

So I guess now you're at the point where the mountpoint of the appimage is a problem! Hooray! :)

[JiffB]

This is how I see the thing, however circumventing it his way is a security risk, may be a bit less on a single user laptop, but that is all. It is strange that devs did not came with a viable solution for that.

Sooo my test ends here for this reason.
I understand that this is a work in full motion at this time, but what frightens me about an eventual future is this is not a Heisenbug and, IMHO, should have been addressed at once when encountered 'cos suggesting to change the default value of the TMPDIR environment variable is absolutely not a good idea at all :/ (looks more test after all is done if there's spare time instead of TDD).

Anyway, thanks for your time and help, @black-puppydog have nice daight (or nighay) !

[black-puppydog]

hmmm just to be clear, you're suggesting we make changes to how patchwork's appimage is built? if you have suggestions how we can fix this rather than making some ugly workaround or askign users to pass --no-sandbox, then that would be interesting...

[JiffB]

The obvious problem (here) is neither syntax works, so there's no workaround except modifying the /tmp mounting, this is what I say - and to be absolutely clear, yes, I suggest you modify your appimage &| program, because many companies and privates use such mounting setup for security reasons.

I spend a good deal of my time testing new softwares to see they can fit our need and generally do not spend more than 10'~20' on them if they do not install right away (timing after reading about the features and the mandatory doc, but no more, to be sure it is ergonomic enough to be understood without reading a book), if they do install, 90' tops - many people around the world are using this same way to do things. Following my own criteria, this software is rejected and will not be reviewed before at least 1/2 year.

[black-puppydog]

okay, we clearly need to think more about packaging. in the meantime, we already know about this issue and so I'm closing this.