
Re: OT chromium/chrome sandbox



On Wed, Mar 14, 2012 at 8:40 PM, Andrei POPESCU
<andreimpopescu@gmail.com> wrote:
> On Mi, 14 mar 12, 20:09:10, Dan wrote:
>>
>> Interestingly I noticed that chrome/chromium use some kind of sandbox
>> to isolate the process that renders the page. That is a good idea for
>> security purposes, but it requires the executable chrome-sandbox to
>> have suid root access.
>
> I'm not very familiar with chrome/chromium, but this sounds wrong. Could
> you please point me to where this is documented?
>
> Kind regards,
> Andrei

Hi Andrei,

Here you can find the doc for the sandbox:
http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
http://www.chromium.org/developers/design-documents/sandbox

And some discussion:
http://scarybeastsecurity.blogspot.com/2009/10/chromium-and-linux-sandboxing.html

The idea is good, but in Linux it requires root access, which I do not
like. It seems that it might be possible to use the sandbox in an SELinux
environment, but I do not know how to do that:
http://code.google.com/p/chromium/wiki/LinuxSandboxing

Best regards,
Dan

