What does the Chromium option `--no-sandbox` mean?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
31
down vote

favorite
3












I'm running Chromium like so : chromium --no-sandbox



I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.



Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?



Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?



What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)










share|improve this question



















  • 8




    Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
    – Runium
    Mar 22 '13 at 19:46











  • Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
    – capdragon
    Mar 22 '13 at 20:08






  • 1




    I suppose I should use xmarks then.
    – capdragon
    Mar 22 '13 at 20:20










  • @Sukminder Please enter your comment as an answer so I can give you credit.
    – capdragon
    Mar 22 '13 at 20:21














up vote
31
down vote

favorite
3












I'm running Chromium like so : chromium --no-sandbox



I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.



Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?



Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?



What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)










share|improve this question



















  • 8




    Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
    – Runium
    Mar 22 '13 at 19:46











  • Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
    – capdragon
    Mar 22 '13 at 20:08






  • 1




    I suppose I should use xmarks then.
    – capdragon
    Mar 22 '13 at 20:20










  • @Sukminder Please enter your comment as an answer so I can give you credit.
    – capdragon
    Mar 22 '13 at 20:21












up vote
31
down vote

favorite
3









up vote
31
down vote

favorite
3






3





I'm running Chromium like so : chromium --no-sandbox



I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.



Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?



Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?



What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)










share|improve this question















I'm running Chromium like so : chromium --no-sandbox



I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.



Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?



Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?



What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)







security chrome browser sandbox






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 22 '13 at 19:31









jasonwryan

48.9k14134184




48.9k14134184










asked Mar 22 '13 at 19:22









capdragon

3131512




3131512







  • 8




    Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
    – Runium
    Mar 22 '13 at 19:46











  • Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
    – capdragon
    Mar 22 '13 at 20:08






  • 1




    I suppose I should use xmarks then.
    – capdragon
    Mar 22 '13 at 20:20










  • @Sukminder Please enter your comment as an answer so I can give you credit.
    – capdragon
    Mar 22 '13 at 20:21












  • 8




    Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
    – Runium
    Mar 22 '13 at 19:46











  • Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
    – capdragon
    Mar 22 '13 at 20:08






  • 1




    I suppose I should use xmarks then.
    – capdragon
    Mar 22 '13 at 20:20










  • @Sukminder Please enter your comment as an answer so I can give you credit.
    – capdragon
    Mar 22 '13 at 20:21







8




8




Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46





Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46













Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08




Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08




1




1




I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20




I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20












@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21




@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21










2 Answers
2






active

oldest

votes

















up vote
8
down vote



accepted










I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –



Hopefully this shed some light on the topic of sandbox:




  • Quick introduction to Chrome's sandbox.

  • More in depth design document. With internal links to FAQ, etc.

And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)






share|improve this answer






















  • That's okay. those references give me all the information I need to know.
    – capdragon
    Mar 24 '13 at 19:50










  • i cant read comics because they annoy me so much, tldr?
    – meffect
    Mar 12 '17 at 7:11

















up vote
-2
down vote













For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html



Extract the file - you will get a folder called chromium-linux



Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).



Run these four commands individually:



sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapper


When I do that, I am good to go.






share|improve this answer






















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f68832%2fwhat-does-the-chromium-option-no-sandbox-mean%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    8
    down vote



    accepted










    I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –



    Hopefully this shed some light on the topic of sandbox:




    • Quick introduction to Chrome's sandbox.

    • More in depth design document. With internal links to FAQ, etc.

    And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)






    share|improve this answer






















    • That's okay. those references give me all the information I need to know.
      – capdragon
      Mar 24 '13 at 19:50










    • i cant read comics because they annoy me so much, tldr?
      – meffect
      Mar 12 '17 at 7:11














    up vote
    8
    down vote



    accepted










    I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –



    Hopefully this shed some light on the topic of sandbox:




    • Quick introduction to Chrome's sandbox.

    • More in depth design document. With internal links to FAQ, etc.

    And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)






    share|improve this answer






















    • That's okay. those references give me all the information I need to know.
      – capdragon
      Mar 24 '13 at 19:50










    • i cant read comics because they annoy me so much, tldr?
      – meffect
      Mar 12 '17 at 7:11












    up vote
    8
    down vote



    accepted







    up vote
    8
    down vote



    accepted






    I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –



    Hopefully this shed some light on the topic of sandbox:




    • Quick introduction to Chrome's sandbox.

    • More in depth design document. With internal links to FAQ, etc.

    And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)






    share|improve this answer














    I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –



    Hopefully this shed some light on the topic of sandbox:




    • Quick introduction to Chrome's sandbox.

    • More in depth design document. With internal links to FAQ, etc.

    And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Dec 8 at 1:44









    Ryan Sandridge

    1035




    1035










    answered Mar 23 '13 at 21:52









    Runium

    18k42959




    18k42959











    • That's okay. those references give me all the information I need to know.
      – capdragon
      Mar 24 '13 at 19:50










    • i cant read comics because they annoy me so much, tldr?
      – meffect
      Mar 12 '17 at 7:11
















    • That's okay. those references give me all the information I need to know.
      – capdragon
      Mar 24 '13 at 19:50










    • i cant read comics because they annoy me so much, tldr?
      – meffect
      Mar 12 '17 at 7:11















    That's okay. those references give me all the information I need to know.
    – capdragon
    Mar 24 '13 at 19:50




    That's okay. those references give me all the information I need to know.
    – capdragon
    Mar 24 '13 at 19:50












    i cant read comics because they annoy me so much, tldr?
    – meffect
    Mar 12 '17 at 7:11




    i cant read comics because they annoy me so much, tldr?
    – meffect
    Mar 12 '17 at 7:11












    up vote
    -2
    down vote













    For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html



    Extract the file - you will get a folder called chromium-linux



    Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).



    Run these four commands individually:



    sudo mv chrome_sandbox chrome-sandbox
    sudo chown root chrome-sandbox
    sudo chmod 4755 chrome-sandbox
    ./chrome-wrapper


    When I do that, I am good to go.






    share|improve this answer


























      up vote
      -2
      down vote













      For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html



      Extract the file - you will get a folder called chromium-linux



      Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).



      Run these four commands individually:



      sudo mv chrome_sandbox chrome-sandbox
      sudo chown root chrome-sandbox
      sudo chmod 4755 chrome-sandbox
      ./chrome-wrapper


      When I do that, I am good to go.






      share|improve this answer
























        up vote
        -2
        down vote










        up vote
        -2
        down vote









        For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html



        Extract the file - you will get a folder called chromium-linux



        Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).



        Run these four commands individually:



        sudo mv chrome_sandbox chrome-sandbox
        sudo chown root chrome-sandbox
        sudo chmod 4755 chrome-sandbox
        ./chrome-wrapper


        When I do that, I am good to go.






        share|improve this answer














        For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html



        Extract the file - you will get a folder called chromium-linux



        Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).



        Run these four commands individually:



        sudo mv chrome_sandbox chrome-sandbox
        sudo chown root chrome-sandbox
        sudo chmod 4755 chrome-sandbox
        ./chrome-wrapper


        When I do that, I am good to go.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 14 '13 at 5:47









        jasonwryan

        48.9k14134184




        48.9k14134184










        answered Dec 14 '13 at 4:49









        lyle fairfield

        1




        1



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f68832%2fwhat-does-the-chromium-option-no-sandbox-mean%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?