Mailinglist Archive: opensuse-bugs (3543 mails)

[Bug 718016] New: Please add file %{_libdir}/chromium/chrome_sandbox to the allowed programs with SUID-bit set on
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 15 Sep 2011 10:37:11 +0000
  • Message-id: <bug-718016-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=718016

https://bugzilla.novell.com/show_bug.cgi?id=718016#c0


Summary: Please add file %{_libdir}/chromium/chrome_sandbox to
the allowed programs with SUID-bit set on
Classification: openSUSE
Product: openSUSE 12.1
Version: Factory
Platform: x86
OS/Version: SuSE Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: rwooninck@xxxxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.3 (KHTML,
like Gecko) Chrome/16.0.880.0 Safari/535.3 SUSE/16.0.880.0

I have resubmitted Chromium to Factory again to resolve the few comments that
were given during the legal and build review. However, for one comment I would
need a review by the Security team.

The reason for this is that I am packaging a binary that requires the SUID bit
to be on. This is the so-called chrome_sandbox program, and it doesn't do
anything other than give access to the filesystem in a chroot'ed temp
directory. Further specifications can be seen at:
http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox

I also want to indicate that the sources used for this program are inside the
Chromium source tree, but fortunately located in a separate sub-directory
(chromium-suse/src/sandbox/linux/suid). This would prevent going through
around 2Gb of sources, as the program only consists of 3 programs and
2 header files with a total size of around 15K.

The program is also created separately and is built after the main chromium
program. Unfortunately we cannot avoid this helper, as chromium is now
explicitly checking that it exists and that it has the SUID bit set.

The SR for Chromium is #82199

Reproducible: Always


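The request above is for one SUID binary to be added to a distribution allowlist. As an added example (not part of the original report, and not code from Chromium or openSUSE), the following sketch audits a tree for setuid/setgid files and compares each one to an allowlist. The allowlist format, the expansion of %{_libdir} to /usr/lib64, and the mode 4755 are assumptions made for illustration.

```python
import os
import stat

# Constructed allowlist, one "path uid mode" entry per line. The format is an
# assumption for this example; the path assumes %{_libdir} is /usr/lib64.
SAMPLE_ALLOWLIST = """
# path                                  uid  mode
/usr/lib64/chromium/chrome_sandbox      0    4755
"""

def parse_allowlist(text):
    """Return {path: (uid, mode)} from allowlist text, skipping comments."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, uid, mode = line.split()
        entries[path] = (int(uid), int(mode, 8))
    return entries

def check_file(path, st, allowlist):
    """Return findings for one file, given its stat result."""
    perms = stat.S_IMODE(st.st_mode)
    # Only regular files carrying a setuid or setgid bit are of interest.
    if not stat.S_ISREG(st.st_mode) or not perms & (stat.S_ISUID | stat.S_ISGID):
        return []
    if path not in allowlist:
        return [f"{path}: setuid/setgid mode {perms:04o} not on allowlist"]
    uid, mode = allowlist[path]
    findings = []
    if st.st_uid != uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {uid}")
    # An exact mode match also catches group- or world-writable helpers.
    if perms != mode:
        findings.append(f"{path}: mode {perms:04o}, expected {mode:04o}")
    return findings

def audit_tree(root, allowlist):
    """Walk root without following symlinks and collect all findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            findings.extend(check_file(path, os.lstat(path), allowlist))
    return findings

if __name__ == "__main__":
    for finding in audit_tree("/usr", parse_allowlist(SAMPLE_ALLOWLIST)):
        print(finding)
```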
