Linked by Thom Holwerda on Wed 3rd Jun 2009 11:21 UTC, submitted by Hakime
One of the defining features of Google's Chrome web browser is its sandboxing feature. You probably won't realise it's there, but from a security point of view, sandboxing is one of the most important factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you've got a hole in the browser, but thanks to sandboxing, you're pretty much locked in - until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a "complicated affair", says Chromium developer Jeremy Moskovich, but for the Mac version, it's all a bit easier and more straightforward. On Linux, however, it's a mess.
Thread beginning with comment 366813
Read a bit more closely
by rexstuff on Wed 3rd Jun 2009 16:17 UTC

If one reads the http://code.google.com/p/chromium/wiki/LinuxSandboxing more closely, the charge that it is a 'mess' under Linux falls short.

The page is intended as an archive, or a discussion of the different ways sandboxing could be achieved on Linux. The page clearly states 'Some of these are bad ideas, but included so that their flaws can be remembered for future discussion.' And yes, some of the approaches listed are limited by which distros support them, but overall, the problem is not that there is a surfeit of ideas, but deciding which one of the multiple ways is best.

Based on what I read from the page, the last entry, seccomp seems the most promising approach, as it would provide an effective means for separating the untrusted parts of the renderer while still allowing it to perform the necessary system calls. It would work across platforms.

I also agree with previous posters that requiring that the user be root to install Chrome is not much of a limitation. We already need root privs to install most of our packages - why should Chrome be different?
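
Added example, not code from the page, from the Chromium project or from the commenter: what "seccomp" meant on Linux in 2009 is the kernel's strict mode, entered with prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT). After that call the process may only issue read, write, exit and sigreturn; any other system call is answered with SIGKILL. The program below forks a child, opens a pipe before the child enters the sandbox (the one channel it keeps), and runs two constructed workloads in it: one that only talks over the pipe, and one that tries to open a file the way a compromised renderer might. The function and constant names are mine; it assumes Linux with CONFIG_SECCOMP and glibc (x86-64 tested).

```c
/* seccomp strict-mode sandbox demo (Linux only). Added example; assumes
 * a kernel built with CONFIG_SECCOMP and glibc. Names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1
#endif

enum { SANDBOX_OK = 0, SANDBOX_KILLED = 1, SANDBOX_ERROR = -1 };

/* Fork a child, put it in seccomp strict mode and run work(fd) there.
 * fd is the write end of a pipe the parent opened before the sandbox was
 * entered; write(2) on an already-open descriptor is still permitted, so
 * it is the child's only way out. Whatever the child wrote is copied into
 * out. Returns SANDBOX_OK if the child exited cleanly, SANDBOX_KILLED if
 * the kernel delivered SIGKILL for a forbidden system call, and
 * SANDBOX_ERROR if the sandbox could not be set up. */
static int run_sandboxed(void (*work)(int fd), char *out, size_t outlen) {
    int pipefd[2];
    if (pipe(pipefd) != 0) return SANDBOX_ERROR;
    pid_t pid = fork();
    if (pid < 0) return SANDBOX_ERROR;
    if (pid == 0) {
        close(pipefd[0]);
        /* From here on only read, write, exit and sigreturn are allowed. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            syscall(SYS_exit, 2);            /* seccomp not available */
        work(pipefd[1]);
        /* glibc's _exit() uses exit_group, which strict mode forbids, so
         * leave through the raw exit syscall. */
        syscall(SYS_exit, 0);
    }
    close(pipefd[1]);
    /* EOF arrives when the child exits or is killed, whichever comes first. */
    ssize_t n = read(pipefd[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(pipefd[0]);
    int status;
    if (waitpid(pid, &status, 0) != pid) return SANDBOX_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return SANDBOX_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return SANDBOX_OK;
    return SANDBOX_ERROR;
}

/* Constructed "well-behaved renderer": reports back over the pipe only. */
static void allowed_work(int fd) {
    const char msg[] = "rendered";
    if (write(fd, msg, sizeof msg - 1) < 0) { /* nothing else we can do */ }
}

/* Constructed "compromised renderer": reports in, then tries to reach the
 * filesystem. open() becomes an openat syscall, which strict mode answers
 * with SIGKILL, so the second write never happens. */
static void forbidden_work(int fd) {
    if (write(fd, "escaping", 8) < 0) { /* ignore */ }
    int f = open("/etc/passwd", O_RDONLY);      /* killed here */
    if (f >= 0 && write(fd, " opened", 7) < 0) { /* never reached */ }
}

int main(void) {
    char buf[64];
    int r = run_sandboxed(allowed_work, buf, sizeof buf);
    printf("allowed_work:   result=%d output=\"%s\"\n", r, buf);
    r = run_sandboxed(forbidden_work, buf, sizeof buf);
    printf("forbidden_work: result=%d output=\"%s\"\n", r, buf);
    return 0;
}
```

The point the example makes about the renderer is the pipe: strict mode is so tight that it also forbids mmap and brk, so anything beyond reading and writing already-open descriptors (memory allocation, opening files, further IPC) has to be requested from a trusted process over a channel like this one and performed on the sandboxed process's behalf.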

RE: Read a bit more closely
by puenktchen on Thu 4th Jun 2009 10:04 in reply to "Read a bit more closely"

"Based on what I read from the page, the last entry, seccomp seems the most promising approach,"

sounds similar to the approach of OS X, but less flexible.
