On Fri, 11 Dec 2009 09:21:39 +0100, Thomas Bächler <thomas@archlinux.org> wrote:
> Pierre Schmitz wrote:
> > On Friday 11 December 2009 01:02:34, Thomas Bächler wrote:
> > > If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever"
> > > is sufficient.
> > The point is that it does not work. See
> > http://src.chromium.org/svn/releases/4.0.267.0/src/chrome/browser/zygote_hos...
> > At least I didn't get it working; but it might be possible. A good starting
> > point is http://code.google.com/p/chromium/wiki/LinuxSandboxing
> It checks explicitly whether the "sandbox binary" is setuid, which is as
> stupid as using a setuid binary in the first place. What does the "sandbox
> binary" even do exactly? If you really need setuid for it, it's certainly
> a stupid design.
A suid helper binary is just used as a fallback on systems where you don't have AppArmor, SELinux and such. They are working on a seccomp implementation though, and if I read our kernel config correctly we have support for that. So hacking up a sandbox implementation which uses capabilities to chroot won't be worth the effort, as the suid sandbox is a temporary solution anyway.

Fun fact: due to its design, Netscape plugins cannot be sandboxed; so you could simply compromise Chromium by a Flash plugin exploit I guess. Another reason why we should get rid of Flash soon.

-- 
Pierre Schmitz, https://users.archlinux.de/~pierre
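The thread contrasts two ways a helper can obtain the right to chroot: being setuid root (which the helper detects as real uid != effective uid) or being granted CAP_SYS_CHROOT through setcap (which shows up in the process's effective capability set while real and effective uid stay equal). The program below is an added example written for this page, not code from Chromium or from either author; it assumes a Linux /proc filesystem and that CAP_SYS_CHROOT is capability number 18 as defined in <linux/capability.h>. It reports which of the two conditions holds for the running process, and only attempts a harmless chroot("/") when the capability is actually present.

```c
/* Added example (not from the mailing-list thread): distinguish a setuid-root
 * helper from one that was granted CAP_SYS_CHROOT via file capabilities.
 * Assumes Linux and CAP_SYS_CHROOT == 18 (<linux/capability.h>). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define CAP_SYS_CHROOT_BIT 18 /* capability number from <linux/capability.h> */

/* Parse a hex capability mask as printed in /proc/self/status (e.g.
 * "0000000000040000") and report whether CAP_SYS_CHROOT is set.
 * Returns 1 if set, 0 if not, -1 if the string is not a hex number. */
int mask_has_cap_sys_chroot(const char *hexmask) {
    char *end;
    unsigned long long mask = strtoull(hexmask, &end, 16);
    if (end == hexmask) return -1;
    return (int)((mask >> CAP_SYS_CHROOT_BIT) & 1ULL);
}

/* Copy the hex digits of the CapEff line from /proc/self/status into out.
 * Returns 0 on success, -1 if the file or the line is unavailable. */
int read_cap_eff(char *out, size_t outlen) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            while (*p == ' ' || *p == '\t') p++;
            size_t n = strcspn(p, "\n");
            if (n >= outlen) n = outlen - 1;
            memcpy(out, p, n);
            out[n] = '\0';
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* The check the thread objects to: a setuid helper sees real uid != euid.
 * Returns 1 when the uids differ (running setuid), 0 otherwise. */
int running_setuid(uid_t ruid, uid_t euid) {
    return ruid != euid;
}

int main(void) {
    char caps[64];
    printf("setuid helper: %s\n",
           running_setuid(getuid(), geteuid()) ? "yes" : "no");
    if (read_cap_eff(caps, sizeof caps) != 0) {
        printf("no CapEff in /proc/self/status (not Linux?)\n");
        return 1;
    }
    int has = mask_has_cap_sys_chroot(caps);
    printf("CapEff=%s CAP_SYS_CHROOT: %s\n", caps, has == 1 ? "yes" : "no");
    /* Only try when the capability is present; chroot("/") changes nothing. */
    if (has == 1 && chroot("/") == 0)
        printf("chroot(\"/\") succeeded via capability, not via setuid\n");
    return 0;
}
```

Run it once as an ordinary user (both answers "no"), once after `setcap cap_sys_chroot+ep ./a.out` ("setuid helper: no", capability "yes"), and once after `chmod u+s` with root ownership ("setuid helper: yes"): the last two cases are exactly the ones a helper that tests only for setuid fails to tell apart.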