Public bug reported:
Chromium can use two different techniques to sandbox itself:
- SUID sandbox
- User namespaces sandbox
User namespaces sandbox is preferred way and SUID sandbox is considered
as legacy. Debian have to use SUID sandbox because they disable
unprivileged user namespaces but Ubuntu doesn't and in fact use User
namespaces sandbox currently thus the SUID bit on /usr/lib/chromium-
browser/chrome-sandbox is unnecessary and may be seen as liability from
security perspective.
Please consider removing SUID bit from /usr/lib/chromium-browser/chrome-
sandbox in Ubuntu packaging.
** Affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1799983
Title:
Remove SUID bit from /usr/lib/chromium-browser/chrome-sandbox
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1799983/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
