Re: what if a package needs to be "recalled"
On Wed, Nov 23, 2011 at 7:43 PM, Michael Gilbert wrote:
> On Wed, Nov 23, 2011 at 7:12 PM, wrote:
>>>>>>> "YP" == Yves-Alexis Perez writes:
>> YP> I'm not sure telling people to use --no-sandbox without telling them
>> YP> what they lose is a good idea. Sandboxing is here for a reason.
> I find the "no-sandbox" label sufficiently descriptive, but for
> completeness sake, this option will (as it sounds) disable chromium's
> process isolating "sandbox" feature. This means that the security
> hardening feature, which normally makes it very hard for data to leak
> between chromium processes (i.e. tabs), will be off.
And of course makes it hard (hopefully) for attackers to break out of
that sandbox to get access (read/write) to anything else in memory.