tags 585950 upstream severity normal thanks Hi,
On 06/15/2010 07:34 AM, Michael Gilbert wrote: > /usr/lib/chromium-browser/chromium-browser-sandbox has the suid bit > set. this is usually seen as a poor security practice, so this should > be unset. The sandbox model is not a poor security practice, it is just the opposite and it increases security even with a small suid helper binary to set things up. Indeed a better approach is the seccomp-based sandbox, but it's not quite ready: http://code.google.com/p/chromium/issues/detail?id=36133 http://code.google.com/p/chromium/issues/list?q=label:SeccompSandbox Cheers, Giuseppe.
signature.asc
Description: OpenPGP digital signature
