Linked by Thom Holwerda on Wed 3rd Jun 2009 11:21 UTC, submitted by Hakime
One of the defining features of Google's Chrome web browser is its sandboxing feature. You probably won't realise it's there, but from a security point of view, sandboxing is one of the most important factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you've got a hole in the browser, but thanks to sandboxing, you're pretty much locked in - until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a "complicated affair", says Chromium developer Jeremy Moskovich, but for the Mac version, it's all a bit easier and more straightforward. On Linux, however, it's a mess.
That's fine
by thecwin on Wed 3rd Jun 2009 12:25 UTC

At least while there's no consensus across distros, they may as well continue releasing it without sandboxing and let the users/distributors deal with it. If Ubuntu gets a Chrome package, it will probably have the relevant sandboxing configuration included.

Bear in mind that different security frameworks, while a pain, are probably better for security in the end. If a big huge bug in SELinux is found, it's not going to affect me using AppArmor on my theoretically Ubuntu-packaged Chrome. That will even help the SELinux users, as viruses rely on there being lots of vulnerable people to spread efficiently.

Perhaps a better long-term solution is for distributors to work on a lowest common denominator method of specifying sandboxing that will work across all packaging systems. Or use chroot ;)

Score: 4