Chromium enable seccomp by default #244

Closed
admin-assword opened this Issue Apr 24, 2016 · 3 comments

@admin-assword

Please enable the seccomp-bpf flag by default on the pre-built images. As of right now, chromium is just utilizing the uid sandboxing, and not using seccomp (AFAIK/understand). It appears as though the kernel supports this feature, but it isn't used with chromium.

When this is enabled though, I'm not sure if it will help or hinder security (will this create an environment that will act as a sandbox inside of a sandbox - helping malicious content to break out of the sandbox? See https://en.m.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Deny_double-chroots)

One can enable this feature via
chrome://flags/#enable-seccomp-sandbox-android

Here is Chromium's bug info that this pertains to
https://bugs.chromium.org/p/chromium/issues/detail?id=166704#c33

@thestinger

thestinger commented Apr 24, 2016

Contributor

I can't enable an experimental feature like this without knowing that they're testing it upstream. We don't have the time to debug and develop this for them until it's ready. The only way this would be enabled early here is if the reason for it not being enabled upstream is related to Android fragmentation and it works fine on Nexus devices. Those issues aren't active enough to know why they haven't enabled it yet.

@thestinger

thestinger commented Apr 24, 2016

Contributor

Chromium on Android also doesn't use the namespace-based sandbox, it uses isolatedProcess which is an OS feature primarily based on SELinux. It's a stronger sandbox than namespaces provide and it already reduces kernel attack surface to a large extent, just not to the same level that their seccomp-bpf filter does.
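The thread turns on whether a running Chromium process actually has a seccomp-bpf filter attached. The kernel exposes that directly: `/proc/<pid>/status` carries a `Seccomp:` field (0 = disabled, 1 = strict, 2 = filter) since Linux 3.8, plus `Seccomp_filters:` (filter count) since 5.9 and `NoNewPrivs:`. The script below is an added example, not code from this thread or from the project; it assumes a Linux host (or an `adb shell` on a device) where `/proc` is readable for the processes of interest, and the process-name substring `chrom` is a constructed default.

```python
"""Report the seccomp state of running processes from /proc/<pid>/status (Linux)."""
import os
import sys

# Meaning of the "Seccomp:" field in /proc/<pid>/status (present since Linux 3.8).
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter (seccomp-bpf)"}

def parse_status(text):
    """Extract the sandbox-relevant fields from the text of /proc/<pid>/status."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uid = fields.get("Uid", "").split()
    return {
        "name": fields.get("Name", "?"),
        "uid": int(uid[0]) if uid else None,          # real uid
        "no_new_privs": fields.get("NoNewPrivs") == "1",
        "seccomp": int(fields.get("Seccomp", "0")),    # 0, 1 or 2; absent on kernels < 3.8
        # "Seccomp_filters:" (number of attached filters) exists only on Linux >= 5.9.
        "filters": int(fields["Seccomp_filters"]) if "Seccomp_filters" in fields else None,
    }

def describe(info):
    """One-line human summary of a parsed status, e.g. for a renderer process."""
    mode = SECCOMP_MODES.get(info["seccomp"], "unknown")
    extra = "" if info["filters"] is None else f", {info['filters']} filter(s)"
    return f"{info['name']} uid={info['uid']} seccomp={mode}{extra} no_new_privs={info['no_new_privs']}"

def scan(name_substring, proc="/proc"):
    """Return parsed status dicts for every process whose Name contains name_substring."""
    results = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                info = parse_status(fh.read())
        except OSError:
            continue  # process exited, or /proc is mounted with hidepid
        if name_substring in info["name"]:
            info["pid"] = int(entry)
            results.append(info)
    return results

if __name__ == "__main__":
    # Constructed default: match any process whose name contains "chrom".
    for info in scan(sys.argv[1] if len(sys.argv) > 1 else "chrom"):
        print(info["pid"], describe(info))
```

A renderer that reports `seccomp=disabled` with only a distinct uid is relying on uid/isolatedProcess separation alone; `seccomp=filter (seccomp-bpf)` confirms a BPF filter is installed for that process.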

@admin-assword

admin-assword commented Apr 24, 2016

OK thank you, that makes sense. I'll close this bug.
