- Chromium sandbox and SUID root executable
January 9, 2010, 9:48 am
Installed the Chromium browser (beta) yesterday to take a look and test a
Today, due to a security report, I noticed that the Chromium package
installed a SUID root executable, /usr/lib64/chromium-browser/chrome-sandbox
My question is, why would a browser need a SUID root executable? Why would
it need or want root access?
Restricting a process exposed to the internet is a good idea but would it
not be better to use the security infrastructure already present in Linux
instead of creating some custom sandbox that needs SUID root and is a
potential risk in itself?!
Security Warning: change in Suid Root files found :
- Added Suid Root files : /usr/lib64/chromium-browser/chrome-sandbox
Security Warning: change in SUID files MD5 checksum found :
- Added SUID files MD5 checksum : 6c8503155cb994371b89782fcfa6d56e
Security Warning: change in packages found :
- Added packages : chromium-browser-4.0.270.0.r34457-1mdv2010.0
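The report above flags a newly added SUID file together with its checksum. As an added example (not part of the original post, and not the code of the tool that produced that report), this Python script builds a setuid inventory for a directory tree and diffs it against a baseline; the function names are hypothetical, and SHA-256 is used here in place of the MD5 shown in the report.

```python
import hashlib
import os
import stat


def suid_inventory(root):
    """Map path -> (owner uid, SHA-256) for every setuid regular file under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow dir symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink is never mistaken for its target
            except OSError:
                continue  # file vanished or is inaccessible; skip it
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = None  # setuid but unreadable: still worth reporting
            found[path] = (st.st_uid, digest)
    return found


def diff_inventories(baseline, current):
    """Return (added, removed, changed) path lists between two inventories."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return added, removed, changed


def report(baseline, current):
    """Format the differences as warning lines, marking root-owned additions."""
    added, removed, changed = diff_inventories(baseline, current)
    lines = []
    for p in added:
        uid, digest = current[p]
        kind = "setuid-root" if uid == 0 else "setuid (uid %d)" % uid
        lines.append("ADDED %s %s sha256=%s" % (kind, p, digest))
    lines += ["REMOVED %s" % p for p in removed]
    lines += ["CHANGED %s" % p for p in changed]
    return lines
```

Store the baseline somewhere the audited system cannot rewrite, since a diff is only as trustworthy as the inventory it is compared against.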
- Nico Kadel-Garcia
January 10, 2010, 12:39 am
Re: Chromium sandbox and SUID root executable
On a theoretical level? suid is an adventure. A small suid tool that
does one small thing can be more secure than relying on someone else's
non-cross-platform suid infrastructure. I'd be curious to see the
source code and see what that utility does, and it should be available
for review at http://code.google.com/chromium/.