Mailinglist Archive: opensuse-bugs (3543 mails)

< Previous Next >
[Bug 718016] AUDIT-0: chromium: setuid bit on %{_libdir}/chromium/chrome_sandbox

--- Comment #3 from Raymond Wooninck <rwooninck@xxxxxxxxxxxx> 2011-09-15
11:40:47 UTC ---
I can move the helper to any required location, as that the guidance is done by
setting an environment variable.

I could patch chromium to continue without sandbox until this is reviewed.
However I don't know if this wouldn't cause more security issues as that we
might get into the situation where through Chromium access to the filesystem
could be obtained.

There seems to be an alternative (using seccomp for the sandbox) however the
indications are that this is pushing the performance drastically (up to 4000%)
down. (outlined in

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >