Public bug reported:

Chromium can use two different techniques to sandbox itself:
 - SUID sandbox
 - User namespaces sandbox

The user namespaces sandbox is the preferred way and the SUID sandbox is
considered legacy. Debian has to use the SUID sandbox because they disable
unprivileged user namespaces, but Ubuntu doesn't and in fact currently uses
the user namespaces sandbox; thus the SUID bit on
/usr/lib/chromium-browser/chrome-sandbox is unnecessary and may be seen as a
liability from a security perspective.

Please consider removing the SUID bit from
/usr/lib/chromium-browser/chrome-sandbox in Ubuntu packaging.

** Affects: chromium-browser (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1799983

Title:
  Remove SUID bit from /usr/lib/chromium-browser/chrome-sandbox

Status in chromium-browser package in Ubuntu:
  New
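
The report's argument can be checked on a given host. The script below is an added example, not part of the bug report or of the Chromium or Ubuntu packaging: it tests whether the helper carries the setuid bit and whether the kernel allows unprivileged user namespaces. It assumes the Debian/Ubuntu sysctl `kernel.unprivileged_userns_clone` and the upstream sysctl `user.max_user_namespaces`; the function names and verdict strings are hypothetical, and it checks kernel availability only, not which sandbox Chromium actually selected.

```shell
#!/bin/sh
# Added example: audit whether the SUID sandbox helper is still needed.
# Assumed knobs (read through a /proc-style root so the check is testable):
#   sys/kernel/unprivileged_userns_clone  (Debian/Ubuntu kernel patch)
#   sys/user/max_user_namespaces          (upstream kernel)

# userns_enabled [PROC_ROOT] -> exit 0 if unprivileged user namespaces are allowed
userns_enabled() {
    proc_root=${1:-/proc}
    clone_knob="$proc_root/sys/kernel/unprivileged_userns_clone"
    max_knob="$proc_root/sys/user/max_user_namespaces"
    # Distro knob: 0 disables unprivileged user namespaces.
    if [ -r "$clone_knob" ] && [ "$(cat "$clone_knob")" = "0" ]; then
        return 1
    fi
    # Upstream knob: a limit of 0 also disables them.
    if [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        return 1
    fi
    # If neither knob exists, treat user namespaces as unavailable.
    [ -r "$clone_knob" ] || [ -r "$max_knob" ]
}

# has_suid FILE -> exit 0 if the setuid bit is set on FILE
has_suid() {
    [ -u "$1" ]
}

# audit_sandbox HELPER [PROC_ROOT] -> prints one verdict word
audit_sandbox() {
    helper=$1
    proc_root=${2:-/proc}
    if [ ! -e "$helper" ]; then
        echo "helper-absent"
    elif ! has_suid "$helper"; then
        echo "no-suid"
    elif userns_enabled "$proc_root"; then
        echo "suid-redundant"   # namespace sandbox available, SUID bit not needed
    else
        echo "suid-required"    # no unprivileged userns, SUID sandbox is the fallback
    fi
}

# Run against the path named in the bug report.
audit_sandbox /usr/lib/chromium-browser/chrome-sandbox /proc
```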

