[Pkg-chromium-maint] Bug#609093: /usr/lib/chromium-browser/chromium-browser: chromium shouldn't require execmod access
Russell Coker
russell at coker.com.au
Thu Jan 6 04:08:59 UTC 2011
Package: chromium-browser
Version: 6.0.472.63~r59945-4
Severity: normal
File: /usr/lib/chromium-browser/chromium-browser
The build of Chromium on Debian requires execmod access. The command
"eu-findtextrel" will give a list of them.
http://www.akkadia.org/drepper/textrelocs.html
Allowing execmod access means that there is more scope for a compromised
instance of Chromium to do some harm. According to the above web page by
Ulrich it seems that there is some performance overhead to this as well.
I would like to give less SE Linux privileges to Chromium, and fixing the text
relocations would permit this. Also other security systems could restrict
Chromium more if they were fixed.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages chromium-browser depends on:
ii chromium-browser-ins 6.0.472.63~r59945-4 page inspector for the chromium-
br
ii libasound2 1.0.23-2.1 shared library for ALSA
applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file
co
ii libc6 2.11.2-7 Embedded GNU C Library: Shared
lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics
libra
ii libcups2 1.4.4-7 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.24-4 simple interprocess messaging
syst
ii libdbus-glib-1-2 0.88-2.1 simple interprocess messaging
syst
ii libevent-1.4-2 1.4.13-stable-1 An asynchronous event
notification
ii libexpat1 2.0.1-7 XML parsing C library - runtime
li
ii libfontconfig1 2.8.0-2.1 generic font configuration
library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared
lib
ii libgcc1 1:4.4.5-8 GCC support library
ii libgconf2-4 2.28.1-6 GNOME configuration database
syste
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime
libr
ii libgl1-mesa-glx [lib 7.7.1-4 A free implementation of the
OpenG
ii libglewmx1.5 1.5.4-1 The OpenGL Extension Wrangler -
ru
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libicu44 4.4.1-7 International Components for
Unico
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.8-1 Network Security Service
libraries
ii libpango1.0-0 1.28.3-1 Layout and rendering of
internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libv8-2.2.24 2.2.24-6 V8 JavaScript Engine
ii libvpx0 0.9.1-2 VP8 video codec (shared library)
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension
librar
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii libxrender1 1:0.9.6-1 X Rendering Extension client
libra
ii libxslt1.1 1.1.26-6 XSLT 1.0 processing library -
runt
ii libxss1 1:1.2.0-2 X11 Screen Saver extension
library
ii xdg-utils 1.0.2+cvs20100307-2 desktop integration utilities
from
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
chromium-browser recommends no packages.
Versions of packages chromium-browser suggests:
pn chromium-browser-l10n <none> (no description available)
-- no debconf information
More information about the Pkg-chromium-maint
mailing list