[Bug 835171] New: Chromium shows warning on launch unsupported command-line flag, security and stability will suffer launches with --no-sandbox
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=835171 https://bugzilla.novell.com/show_bug.cgi?id=835171#c0 Summary: Chromium shows warning on launch unsupported command-line flag, security and stability will suffer launches with --no-sandbox Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: s.parry316@btinternet.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Created an attachment (id=552873) --> (http://bugzilla.novell.com/attachment.cgi?id=552873) image of result User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Installed chromium from repo: http://download.opensuse.org/update/12.3/ When launched from kicker, krunner or from cli, a warning is given "unsupported command-line flag, security and stability will suffer" This is similar to: https://bugzilla.novell.com/show_bug.cgi?id=779448 My current version/install is: chromium-30.0.1553.0-1.7.2.x86_64 here is result of chrome:version http://paste.kde.org/p4ea45111/ If I try to launch by /usr/lib64/chromium/chromium I get this: The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chrome_sandbox is owned by root and has mode 4755. Reproducible: Always Steps to Reproduce: 1.Install chromium from repo 2.launch app 3. Actual Results: App shows warning. Expected Results: App should not show this warning After long discussions on IRC channel #suse resolved the issue using method in https://bugzilla.novell.com/show_bug.cgi?id=779448 A dev from channel #chromium_support says that the package is broken and is a serious security issue. http://paste.kde.org/p7b96f99f -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=835171 https://bugzilla.novell.com/show_bug.cgi?id=835171#c1 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |meissner@suse.com InfoProvider| |s.parry316@btinternet.com --- Comment #1 from Marcus Meissner <meissner@suse.com> 2013-08-16 12:58:05 UTC --- well, what permissions had /usr/lib/chrome_sandbox on your machine? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=835171 https://bugzilla.novell.com/show_bug.cgi?id=835171#c2 --- Comment #2 from Marcus Meissner <meissner@suse.com> 2013-08-16 13:02:16 UTC --- and what security setting do you have configured? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=835171 https://bugzilla.novell.com/show_bug.cgi?id=835171#c3 Stephen Parry <s.parry316@btinternet.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|s.parry316@btinternet.com | --- Comment #3 from Stephen Parry <s.parry316@btinternet.com> 2013-08-16 13:05:19 UTC --- = -rwxr-xr-x 1 root root 18840 Jul 4 12:34 /usr/lib/chrome_sandbox grep PERMISSION_SECURITY /etc/sysconfig/security PERMISSION_SECURITY="secure local" # PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=835171 https://bugzilla.novell.com/show_bug.cgi?id=835171#c4 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE --- Comment #4 from Marcus Meissner <meissner@suse.com> 2013-08-16 14:29:26 UTC --- basically a dup of bug 779448 we will review the setuid-root usage in "secure" mode too. until then you could use the permissions.local override on your system. *** This bug has been marked as a duplicate of bug 779448 *** http://bugzilla.novell.com/show_bug.cgi?id=779448 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com