[Bug 779448] New: Tumbleweed: Chromium 23.0.1259.0 - Wrong permissions on /usr/lib/chrome_sandbox, chromium starts with --no-sandbox
https://bugzilla.novell.com/show_bug.cgi?id=779448 https://bugzilla.novell.com/show_bug.cgi?id=779448#c0 Summary: Tumbleweed: Chromium 23.0.1259.0 - Wrong permissions on /usr/lib/chrome_sandbox, chromium starts with --no-sandbox Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: x86-64 OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: veniastra@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.9 (KHTML, like Gecko) Chrome/23.0.1259.0 Safari/537.9 SUSE/23.0.1259.0 Ever since updating my Tumbleweed installation to openSUSE 12.2 as a base, Chromium 23.0.1259.0 complains about being started with the unsupported command line flag --no-sandbox, and thus chrome://sandbox shows that chromium is indeed not sandboxed, even though no such flag has been given. Looking at /usr/lib64/chromium/chromium-kde unearths the following bit: if [ ! -u $CHROME_SANDBOX ] ; then SANDBOX="--no-sandbox" fi This points towards permissions on /usr/lib/chrome_sandbox. Setting the suid bit (sudo chmod u+s /usr/lib/chrome_sandbox) on /usr/lib/chrome_sandbox by hand mitigates the problem and chromium starts without complaining. I assume that the post script upon installing does not set proper permissions. It also seems as if the manually set permissions are (randomly?) reset and the sticky bit removed. Reproducible: Sometimes Steps to Reproduce: 1. Start chromium (especially after rebooting) 2. Receive "sandbox disabled" warning message 3. Check chrome://sandbox to verify sandbox is not working Actual Results: Chromium complains and is not properly sandboxed Expected Results: Chromium starts normally, does not complain and is properly sandboxed This is on openSUSE 12.2 Tumbleweed x86_64 sh-4.2$ rpm -q chromium chromium-suid-helper chromium-23.0.1259.0-274.1.x86_64 chromium-suid-helper-23.0.1259.0-274.1.x86_64 sh-4.2$ uname -r 3.4.6-2.10-desktop The same behaviour could also been seen upon downgrading to chromium 22 from the opensuse-current repository, so this seems to be 12.2 related. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c1
--- Comment #1 from Peter Hanisch
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c2
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c3
--- Comment #3 from Peter Hanisch
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c4
--- Comment #4 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c5
Peter Hanisch
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c
kk zhang
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c9
Raymond Wooninck
https://bugzilla.novell.com/show_bug.cgi?id=779448
https://bugzilla.novell.com/show_bug.cgi?id=779448#c10
Raymond Wooninck
participants (1)
-
bugzilla_noreply@novell.com