[arch-dev-public] Packaging Chromium for [extra]
pierre at archlinux.de
Sun Dec 13 18:52:22 EST 2009
On Fri, 11 Dec 2009 09:21:39 +0100, Thomas Bächler <thomas at archlinux.org>
> Pierre Schmitz schrieb:
>> Am Freitag 11 Dezember 2009 01:02:34 schrieb Thomas Bächler:
>>> If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever"
>>> is sufficient.
>> The point is that it does not work. See
>> At least I didn't get it working; but it might be possible. A good
>> point is http://code.google.com/p/chromium/wiki/LinuxSandboxing
> It checks explicitly whether the "sandbox binary" is setuid, which is as
> stupid as using a setuid binary in the first place. What does the
> "sandbox binary" even do exactly? If you really need setuid for it, it's
> certainly a stupid design.
Using a suid helper binary is just used as a fallback on systems where you
don't have apparmor, selinux and such. They are working on a seccomp
implementation though and if I read our kernel config correctly we have
supprot for that. So hacking up a sandbox implementation which uses
capabilities to chroot wont be worth the effort as the suid sansbox is a
temporary solution anyway.
Fun fact: due to its design netscape plugins cannot be sandboxed; so you
could simply compromise chromium by a flashplugin exploit I guess. Another
reason why we should get rid of flash soon.
Pierre Schmitz, https://users.archlinux.de/~pierre
More information about the arch-dev-public