Ubuntu
chromium-browser package

Remove SUID bit from /usr/lib/chromium-browser/chrome-sandbox

Bug #1799983 reported by Jalon Funk on 2018-10-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	chromium-browser (Ubuntu)	New	Undecided	Unassigned

Bug Description

Chromium can use two different techniques to sandbox itself:
- SUID sandbox
- User namespaces sandbox

User namespaces sandbox is preferred way and SUID sandbox is considered as legacy. Debian have to use SUID sandbox because they disable unprivileged user namespaces but Ubuntu doesn't and in fact use User namespaces sandbox currently thus the SUID bit on /usr/lib/chromium-browser/chrome-sandbox is unnecessary and may be seen as liability from security perspective.

Please consider removing SUID bit from /usr/lib/chromium-browser/chrome-sandbox in Ubuntu packaging.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuchromium-browser package

Remove SUID bit from /usr/lib/chromium-browser/chrome-sandbox

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
chromium-browser package