Whimper: Google Chrome Broken Again (Updated)

You can probably ignore this whiny-gram unless you need a chuckle.
I run Scientific Linux 6, a clone of Red Hat Enterprise Linux. It includes by default a very nice system security package called SELinux. It was designed with the help of alphabet soup federal agencies to enhance the security of Linux systems, probably one of the only honest things we ever got from the government. It’s primary objective is to prevent execution of binaries and scripts which could cause harm to the operating system. It used to be a messy tangle, always getting in the way. When RHEL 6 Beta came out, it had been vastly improved. I no longer recommend turning it off, because it seems to serve the intended purpose without getting in the way.
The problem is people who develop software for Linux tend to ignore it. From one release to the next, I’m never sure when Google Chrome, for example, will fail to work against SELinux. Last night was an update, and once again, it fails completely.
I won’t bother pasting the errors here. Alright, here it is:

/opt/google/chrome/google-chrome: /lib/libz.so.1: no version information available (required by /opt/google/chrome/google-chrome)
/opt/google/chrome/chrome: error while loading shared libraries: cannot restore segment prot after reloc: Permission denied

I’ve done some extensive searching, and even the developers at Google seem pretty confused about it. It doesn’t help they insist on building everything on Ubuntu, and can’t be bothered to use a free Red Hat clone for the RPM packages. So the executables keep asking for some response peculiar to Debian-based system calls. Most of the time, it doesn’t prevent Chrome from running, but it does too often. This time, though, it seems to be an error bouncing off SELinux. All the advice I could find was “disable SELinux” or to grant Chrome some unreasonable level of permissive freedom with any normal restrictions.
This is insane. I’ve already shown in previous posts Google developers will lie about how Chrome works. If it’s not lying, it’s an abysmal lack of knowledge. They aren’t worthy of any such high level of trust. Further, the one greatest attack vector on the Net seems to be browser vulnerabilities, and they think I should turn off the one best layer of security I can have against browser exploits? For all the advantages there may be from using Chrome, it’s not worth the trouble any more. I used to think GNOME and KDE developers were arrogant, but I’ve not seen anything like the hostility to user accountability one sees coming from Google and Webkit developers.
Of course, the Firefox fanboys deserve to be slapped around a bit, too. All versions of Firefox, whether built and optimized on my system, or simply installed as a package, nearly choke on rather simple and mundane JavaScript on major sites. It bogs down my system to the point it’s almost unusable, with only two tabs open — and one of those has a very simple HTML page without even any graphics.
Right now, only the console-based browsers and Opera work well enough to bother.
Update: I think I understand now why Chrome fights with SELinux: It wants permission to do something no browser should. This is the debut of the so-called Native Client technology, in which applications can run from the browser directly on the hardware, with all the same privileges and power of native applications built for the OS. After all the horrific threats we’ve seen over the years from Web attacks taking advantage of unrecognized security holes in browsers, attacking the OS itself, now Google wants to implement it on purpose. The arrogance and ignorance is stunning.
The only hope is learning how to turn off this feature when you build the Open Source version of Chrome called Chromium.
Addenda: I didn’t find out how to turn off the Native Client business, but I did learn how to build Chromium from SRPMs and it does work better.

This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

3 Responses to Whimper: Google Chrome Broken Again (Updated)

  1. Tony says:

    I’m with you on this one. I ran into this problem as well yesterday. Very irritating.

  2. Hi,
    I faced the same issue and I found that trick on the Chromium issue tracker. It also works for Google Chrome:
    chcon -t usr_t /opt/google/chrome/chrome-sandbox
    source : http://code.google.com/p/chromium/issues/detail?id=87704
    Hope it helps.
    Sebz.

    • Ed Hurst says:

      Well, Sébastien, I linked to that in my post. Read the whole thread and you’ll understand that command weakens the security of SELinux, which is part of what I was whimpering about. I won’t be executing that command. This is one example too many of Google’s failure to take user security and user choice seriously. They won’t be allowed to run their code on my machine.

Comments are closed.