[Pkg-chromium-maint] Bug#585950: Bug#585950: sandbox should not be suid
Giuseppe Iuculano
giuseppe at iuculano.it
Tue Jun 15 09:34:16 UTC 2010
tags 585950 upstream
severity normal
thanks
Hi,
On 06/15/2010 07:34 AM, Michael Gilbert wrote:
> /usr/lib/chromium-browser/chromium-browser-sandbox has the suid bit
> set. this is usually seen as a poor security practice, so this should
> be unset.
The sandbox model is not a poor security practice, it is just the
opposite and it increases security even with a small suid helper binary
to set things up.
Indeed a better approach is the seccomp-based sandbox, but it's not
quite ready:
http://code.google.com/p/chromium/issues/detail?id=36133
http://code.google.com/p/chromium/issues/list?q=label:SeccompSandbox
Cheers,
Giuseppe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20100615/aa08e113/attachment.pgp>
More information about the Pkg-chromium-maint
mailing list