Re: what if a package needs to be "recalled"

To: debian-devel@lists.debian.org
Subject: Re: what if a package needs to be "recalled"
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 23 Nov 2011 19:48:25 -0500
Message-id: <[🔎] CANTw=MMegNX3J70FfY7r6Who7Nbrc=ZwD=yGd79bSTPGOktOwg@mail.gmail.com>
In-reply-to: <[🔎] CANTw=MP53P7uuVFYiMGZcjyWuYCoM=3gncb3VLLiBhF5KtrxQQ@mail.gmail.com>
References: <[🔎] 1322082621.13759.21.camel@scapa> <[🔎] 87aa7mqsyi.fsf@jidanni.org> <[🔎] CANTw=MP53P7uuVFYiMGZcjyWuYCoM=3gncb3VLLiBhF5KtrxQQ@mail.gmail.com>

On Wed, Nov 23, 2011 at 7:43 PM, Michael Gilbert wrote:
> On Wed, Nov 23, 2011 at 7:12 PM,  wrote:
>>>>>>> "YP" == Yves-Alexis Perez writes:
>>
>> YP> I'm not sure telling people to use --no-sandbox without telling them
>> YP> what they lose is a good idea. Sandboxing is here for a reason.
>
> I find the "no-sandbox" label sufficiently descriptive, but for
> completeness sake, this option will (as it sounds) disable chromium's
> process isolating "sandbox" feature.  This means that the security
> hardening feature, which normally makes it very hard for data to leak
> between chromium processes (i.e. tabs), will be off.

And of course makes it hard (hopefully) for attackers to break out of
that sandbox to get access (read/write) to anything else in memory.

Best wishes,
Mike

Reply to:

References:
- Re: what if a package needs to be "recalled"
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: what if a package needs to be "recalled"
  - From: jidanni@jidanni.org
- Re: what if a package needs to be "recalled"
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: what if a package needs to be "recalled"
Next by Date: Bug#649812: mention where to find all chromium command line switches
Previous by thread: Re: what if a package needs to be "recalled"
Next by thread: Bug#649812: mention where to find all chromium command line switches
Index(es):
- Date
- Thread