Remove SUID bit from /usr/lib/chromium-browser/chrome-sandbox
Bug #1799983 reported by
Jalon Funk
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Chromium can use two different techniques to sandbox itself:
- SUID sandbox
- User namespaces sandbox
User namespaces sandbox is preferred way and SUID sandbox is considered as legacy. Debian have to use SUID sandbox because they disable unprivileged user namespaces but Ubuntu doesn't and in fact use User namespaces sandbox currently thus the SUID bit on /usr/lib/
Please consider removing SUID bit from /usr/lib/
To post a comment you must log in.