[Pkg-chromium-maint] Bug#856169: Chromium installs a setuid binary without obvious need nor warning
Michael Gilbert
mgilbert at debian.org
Sat Feb 25 21:23:31 UTC 2017
control: severity -1 wishlist
control: retitle -1 chromium: switch to namespace sandbox
The sandbox is a necessary security feature. A bug years ago doesn't
necessarily mean that it is faulty today. There are lots of new
security bugs in chrome every few weeks, and rarely do they have to do
with the sandbox.
That said, there is a more modern sandboxing approach that uses
namespaces [0], but it is too late to change to it for stretch.
Best wishes,
Mike
[0]https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandboxing.md
More information about the Pkg-chromium-maint
mailing list