Bug#781925: I: Bug#781925:
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Wed Jul 22 12:11:41 UTC 2015
Hi *
I copy paste the irc conversation with some great people, who helped me enlighting the problem (actually related to webview, for the notices tab, who behaves more or less like a browser)
<LocutusOfBorg> if browser-plugin-libreoffice is installed, boinc spawns soffice.bin/oosplash processes, but strace seems to give me some wx/glib pointers, rather than a bug in boinc
<_rene_> LocutusOfBorg: no idea. I think there was a bug once saying something like "LO starts when iceweasel is started", but that wasn't really a big issue and afaicr not reproducible...
<_rene_> LocutusOfBorg: but as you said, the plugin is g one.. but why does boinc handle mozilla plugins? should I know or d I better not want to? :)
<LocutusOfBorg> I guess this is some wx/gtk initialization code
<smcv> gtk, in general, doesn't load mozilla plugins
<smcv> because why would it?
<smcv> I don't know anything about wx, but I would hope that it doesn't either
<smcv> but the strace logs you linked mention some sort of web view (presumably a more or less fully featured web browser wrapped in a Gtk widget)
<smcv> and *that* is something that might reasonably load mozilla plugins
<smcv> I would hope that it has APIs to tell it not to
<smcv> e.g. webkitgtk has http://webkitgtk.org/reference/webkitgtk/stable/WebKitWebSettings.html#WebKitWebSettings--enable-plugins
<smcv> I don't know what boinc does or why, but if its job does not include playing Flash and other misc embeddable plugins, it should configure its web view to not load those
<LocutusOfBorg> smcv, yes, it uses webview
<LocutusOfBorg> and it fetches the notices from the web in a tab
<LocutusOfBorg> and this might be flash videos indeed
<smcv> then it's essentially acting like a general-purpose web browser
<LocutusOfBorg> actually I thought this was done when the user was clicking on "notices", but I might be wrong
<LocutusOfBorg> it might be loaded at the startup and refreshed from time to time
<LocutusOfBorg> yes indeed
<smcv> I would hope that the part that displays notices has little or nothing to do with the part that runs as root
<LocutusOfBorg> smcv, so when people starts a browser soffice is spawned?
<LocutusOfBorg> I guess not
<LocutusOfBorg> smcv, yes, they are decoupled
<smcv> *shrug* _rene_ mentioned an unreproducible bug that had that effect
<LocutusOfBorg> you don't even need the manager to run the client
<LocutusOfBorg> _rene_, didn't mention the bug number :)
<LocutusOfBorg> that webview is detestable
<_rene_> I don't find that anymore
<_rene_> even did look in archived for moilla-openoffice.org ;)
<LocutusOfBorg> _rene_, moreover the package is gone, so I guess this is "fixed" some what
<smcv> if the webview is meant to be as capable as a general-purpose web browser, then yes, if somebody puts a .so file in ~/.mozilla/plugins, it will be executed by the process hosting the webview
<smcv> that's what general purpose web browsers do
<LocutusOfBorg> smcv, so I guess that process soffice is for handling the plugin?
<smcv> either they support plugins or they don't, you can't have it both ways
<LocutusOfBorg> yes, but why java and flash don't spawn new processes when the plugins are loaded?
<LocutusOfBorg> maybe they spawn and kill when they are needed
<smcv> because the code in their plugins is different?
<smcv> plugins are arbitrary native code
<LocutusOfBorg> smcv, exactly, so I wonder if libreoffice might behave differently
<smcv> if they want to spawn processes, they can spawn processes
<smcv> if they want to rm -fr /, they can do that
<LocutusOfBorg> I know that, I wonder if libreoffice is forced to do it, for some obscure reason to me
<smcv> speculating about implementation specifics of a plugin that has been removed from debian is unlikely to lead to enlightenment
<smcv> reading the relevant source code would probably be more informative
<smcv> or uninstalling the no-longer-supported plugin and walking away
<_rene_> nah, I'd actually believe direct initialization of this can be a LO plugin bug
<_rene_> that one was unmaintained since ever, basically
<_rene_> (and gone upstream now that's why it's not in sid anymore)
<smcv> you seemed to be implying that this was a security vuln in ... I don't even know what. something that Debian supports.
<smcv> but everything except the plugin itself seems to be working as intended
<_rene_> only fixes were buildfixes, system-wide plugin even was a problem, etc
<_rene_> Sun7Oracle only cared about the "click in the options to enable it (which does a ln -s in $HOMEs stuff) scenario
cheers,
Gianfranco
Il Mercoledì 22 Luglio 2015 12:45, Gianfranco Costamagna <costamagnagianfranco at yahoo.it> ha scritto:
Hi Alessandro and Rene, I see that libreoffice browser plugin giving troubles, and the problem seems to be not in boinc but in some wx code or libreoffice plugin code.
I'm attaching a strace with and without that code.
I'm also not so worried because that package seems to have disappeared in unstable, so I guess for Stretch this bug won't be spot anymore.
However knowing what caused this might be useful.
cheers,
Gianfranco
Il Martedì 21 Luglio 2015 21:44, Alessandro Barbieri <ale.barbio at alice.it> ha scritto:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Il 17/07/2015 15:34, Gianfranco Costamagna ha scritto:
Successeful reproduced on a virtual machine
you have to install browser-plugin-libreoffice
File opened by one of the processes:
Snapshot of files open in process 595 -
/usr/lib/libreoffice/program/nsplugin 9 10
- -env:INIFILENAME=vnd.sun.star.pathname:/usr/lib/libreoffice/program/redi
re
FD TYPE DEVICE SIZE NODE NAME
0 CHR 0xb 5 /dev/pts/2
1 REG 0x807 0 534157 /home/ale/.BOINC/stdoutgui.t
xt
2 REG 0x807 7490 534156 /home/ale/.BOINC/stderrgui.t
xt
3 REG 0x806 57362 798881
/usr/lib/ure/share/misc/types.rdb
4 REG 0x806 8192 1315177
/usr/lib/libreoffice/share/extensions/writer2latex/writer2latex.rdb
5 REG 0x807 4 524392 /home/ale/BOINC Manager-ale
6 REG 0x806 346042 1320628
/usr/lib/libreoffice/program/types/oovbaapi.rdb
7 REG 0x806 665493 1320627
/usr/lib/libreoffice/program/types/offapi.rdb
9 FIFO 0x8 79200 pipe
cwd DIR 0x807 12288 524289 /home/ale
mem REG 0x806 8192 1315177
/usr/lib/libreoffice/share/extensions/writer2latex/writer2latex.rdb
mem REG 0x806 14664 1185959
/lib/x86_64-linux-gnu/libdl-2.19.so
mem REG 0x806 31256 664412
/usr/lib/ure/lib/libuno_salhelpergcc3.so.3
mem REG 0x806 31368 655653
/usr/lib/ure/lib/libuuresolverlo.so
mem REG 0x806 31632 1188157
/lib/x86_64-linux-gnu/libnss_compat-2.19.so
mem REG 0x806 31784 1188142
/lib/x86_64-linux-gnu/librt-2.19.so
mem REG 0x806 43432 665244
/usr/lib/ure/lib/libxmlreaderlo.so
mem REG 0x806 43592 1187078
/lib/x86_64-linux-gnu/libnss_nis-2.19.so
mem REG 0x806 47712 1187077
/lib/x86_64-linux-gnu/libnss_files-2.19.so
mem REG 0x806 57362 798881
/usr/lib/ure/share/misc/types.rdb
mem REG 0x806 64432 669526
/usr/lib/ure/lib/libgcc3_uno.so
mem REG 0x806 89104 1188484
/lib/x86_64-linux-gnu/libnsl-2.19.so
mem REG 0x806 90096 1181345
/lib/x86_64-linux-gnu/libgcc_s.so.1
mem REG 0x806 109144 1180020
/lib/x86_64-linux-gnu/libz.so.1.2.8
mem REG 0x806 113496 928845
/usr/lib/libreoffice/program/libi18nlangtag.so
mem REG 0x806 133576 665855 /usr/lib/ure/lib/libstorelo.
so
mem REG 0x806 134160 661012 /usr/lib/ure/lib/libreglo.so
mem REG 0x806 137440 1188140
/lib/x86_64-linux-gnu/libpthread-2.19.so
mem REG 0x806 140928 1182946
/lib/x86_64-linux-gnu/ld-2.19.so
mem REG 0x806 141752 1179790
/lib/x86_64-linux-gnu/liblzma.so.5.0.0
mem REG 0x806 143520 664158 /usr/lib/liblangtag.so.1.2.0
mem REG 0x806 273416 664407
/usr/lib/ure/lib/libuno_cppu.so.3
mem REG 0x806 283744 669525 /usr/lib/ure/lib/libiolo.so
mem REG 0x806 336304 662030
/usr/lib/ure/lib/libuno_sal.so.3
mem REG 0x806 346042 1320628
/usr/lib/libreoffice/program/types/oovbaapi.rdb
mem REG 0x806 367568 669522
/usr/lib/ure/lib/libunoidllo.so
mem REG 0x806 448440 1180019
/lib/x86_64-linux-gnu/libpcre.so.3.13.1
mem REG 0x806 614080 929194
/usr/lib/libreoffice/program/libucbhelper.so
mem REG 0x806 665493 1320627
/usr/lib/libreoffice/program/types/offapi.rdb
mem REG 0x806 1008120 656784
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.20
mem REG 0x806 1042416 660857
/usr/lib/ure/lib/libuno_cppuhelpergcc3.so.3
mem REG 0x806 1051056 1188172
/lib/x86_64-linux-gnu/libm-2.19.so
mem REG 0x806 1107040 1180615
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1
mem REG 0x806 1465816 656701
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1
mem REG 0x806 1546256 696461
/usr/lib/x86_64-linux-gnu/libicuuc.so.52.1
mem REG 0x806 1613328 661399 /usr/lib/locale/locale-archi
ve
mem REG 0x806 1648696 922419
/usr/lib/libreoffice/program/libcomphelper.so
mem REG 0x806 1729984 1188256
/lib/x86_64-linux-gnu/libc-2.19.so
mem REG 0x806 23512848 696450
/usr/lib/x86_64-linux-gnu/libicudata.so.52.1
rtd DIR 0x806 4096 2 /
txt REG 0x806 89256 918817
/usr/lib/libreoffice/program/nsplugin
- --
<sip:alebarbio at ekiga.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVrqEWAAoJEA/Z4QLlYWVuZjMIAIBXkDb8vXkEyaNQzju8Ks5F
bJ3Pa6n4DdfW49BXXkSz7wWRyqTJHUTTvO4WCfiw36wnsE+vU4MSIZvyi6CJX5a7
owlVBK6xSm5ZIec9rbcG6WND1TiuAlBwpG1lHDT2cpQivYPM+UpSpP1hETGESyGx
9BOlvYZrRYn0/bjZFhM7sWjrFHcVuI4p+k+yLUsday5HHkjH3vpuO5UhK6bzEUue
4MsJGRhe1qxWUCUB1kLtpHj1OzpZ/dCmy2mjJSpBSI+MYZvMYGhoQc2EtpHNYtTv
7IClY4GtcRNwKPf1RONvpxTe7gg4XokmIN7vBfU6/my1ITE0BrBF5oGl92/UT3o=
=OFpp
-----END PGP SIGNATURE-----
--
pkg-boinc-devel mailing list
pkg-boinc-devel at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-boinc-devel
More information about the pkg-boinc-devel
mailing list