OT chromium/chrome sandbox

To: debian-user@lists.debian.org
Subject: OT chromium/chrome sandbox
From: Dan <ganchya@gmail.com>
Date: Wed, 14 Mar 2012 20:09:10 +0100
Message-id: <[🔎] CAK00fOKtcY1PpQAbbFPGZY8qN7V1AhHFkofTYrQ-6-=z3uJiog@mail.gmail.com>

Hi,

I installed chrome and also new version of chromium, but I installed
both only for a single user that I only use to use chrome/chromium. I
installed chrome in /home/user/opt. Usually I do that with programs
that I download from internet.

Interestingly I noticed that chrome/chromium use some kind of sandbox
to isolate the process that renders the page. That is a good idea for
security purposes, but it requires to the executable chrome-sandbox to
have suid root access. I do not understand that. How about if there is
a bug in chrome-sandbox? Then some malicious code could get root
access which is even worse.

I am running chrome with the option --no-sandbox, and I didn't set the
root suid to chrome-sandbox. Do you think that this is a good idea?

Best,
Dan

Reply to:

Follow-Ups:
- Re: OT chromium/chrome sandbox
  - From: Andrei POPESCU <andreimpopescu@gmail.com>

Prev by Date: Re: Re: Bash argument expanded inside alias
Next by Date: Re: NFS portmap - is it really needed and if so where is it?
Previous by thread: Re: NFS portmap - is it really needed and if so where is it?
Next by thread: Re: OT chromium/chrome sandbox
Index(es):
- Date
- Thread