What does the Chromium option `--no-sandbox` mean?
Clash Royale CLAN TAG#URR8PPP
up vote
31
down vote
favorite
I'm running Chromium like so : chromium --no-sandbox
I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.
Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?
Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?
What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)
security chrome browser sandbox
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
asked Mar 22 '13 at 19:22
capdragon
3131512
add a comment |
up vote
31
down vote
favorite
I'm running Chromium like so : chromium --no-sandbox
I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.
Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?
Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?
What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)
security chrome browser sandbox
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
asked Mar 22 '13 at 19:22
capdragon
3131512
8
Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46
Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08
1
I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20
@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21
add a comment |
up vote
31
down vote
favorite
up vote
31
down vote
favorite
I'm running Chromium like so : chromium --no-sandbox
I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.
Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?
Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?
What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)
security chrome browser sandbox
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
asked Mar 22 '13 at 19:22
capdragon
3131512
I'm running Chromium like so : chromium --no-sandbox
I'm doing this because I'm running Debian Squeeze on an OpenVZ VM Container and it's the only way I can get it to work.
Though I keep reading this is terrible. But I want to know why exactly. Can someone please explain it to me?
Does someone need to hack into your computer to do damage? Or does the vulnerability come from a file on the web like a JavaScript file?
What if I locked browsing down to only a handful of "trusted" sites?
(Gmail, stackexchange (ofcourse), and facebook)
security chrome browser sandbox
security chrome browser sandbox
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
asked Mar 22 '13 at 19:22
capdragon
3131512
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
asked Mar 22 '13 at 19:22
capdragon
3131512
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
edited Mar 22 '13 at 19:31
jasonwryan
48.9k14134184
48.9k14134184
asked Mar 22 '13 at 19:22
capdragon
3131512
asked Mar 22 '13 at 19:22
capdragon
3131512
asked Mar 22 '13 at 19:22
capdragon
3131512
3131512
8
Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46
Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08
1
I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20
@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21
add a comment |
8
Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46
Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08
1
I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20
@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21
8
8
Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46
Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46
Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08
Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08
1
1
I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20
I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20
@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21
@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21
add a comment |
2 Answers
2
active
oldest
votes
up vote
8
down vote
accepted
I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –
Hopefully this shed some light on the topic of sandbox:
Quick introduction to Chrome's sandbox.- More in depth design document. With internal links to FAQ, etc.
And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)
edited Dec 8 at 1:44
Ryan Sandridge
1035
answered Mar 23 '13 at 21:52
Runium
18k42959
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
add a comment |
up vote
-2
down vote
For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html
Extract the file - you will get a folder called chromium-linux
Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).
Run these four commands individually:
sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapperWhen I do that, I am good to go.
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
answered Dec 14 '13 at 4:49
lyle fairfield
1
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f68832%2fwhat-does-the-chromium-option-no-sandbox-mean%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
8
down vote
accepted
I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –
Hopefully this shed some light on the topic of sandbox:
Quick introduction to Chrome's sandbox.- More in depth design document. With internal links to FAQ, etc.
And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)
edited Dec 8 at 1:44
Ryan Sandridge
1035
answered Mar 23 '13 at 21:52
Runium
18k42959
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
add a comment |
up vote
8
down vote
accepted
I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –
Hopefully this shed some light on the topic of sandbox:
Quick introduction to Chrome's sandbox.- More in depth design document. With internal links to FAQ, etc.
And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)
edited Dec 8 at 1:44
Ryan Sandridge
1035
answered Mar 23 '13 at 21:52
Runium
18k42959
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
add a comment |
up vote
8
down vote
accepted
up vote
8
down vote
accepted
I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –
Hopefully this shed some light on the topic of sandbox:
Quick introduction to Chrome's sandbox.- More in depth design document. With internal links to FAQ, etc.
And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)
edited Dec 8 at 1:44
Ryan Sandridge
1035
answered Mar 23 '13 at 21:52
Runium
18k42959
I was not sure I could post it as an answer as I did not specifically address "where vulnerability comes from" - and mere refs then own words. But anyhow –
Hopefully this shed some light on the topic of sandbox:
Quick introduction to Chrome's sandbox.- More in depth design document. With internal links to FAQ, etc.
And as stated, Google themselves recommend using another browser than using Chrome without sandbox. And then obviously understood as if one can fix it then that would be preferred ;)
edited Dec 8 at 1:44
Ryan Sandridge
1035
answered Mar 23 '13 at 21:52
Runium
18k42959
edited Dec 8 at 1:44
Ryan Sandridge
1035
edited Dec 8 at 1:44
Ryan Sandridge
1035
edited Dec 8 at 1:44
Ryan Sandridge
1035
1035
answered Mar 23 '13 at 21:52
Runium
18k42959
answered Mar 23 '13 at 21:52
Runium
18k42959
answered Mar 23 '13 at 21:52
Runium
18k42959
18k42959
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
add a comment |
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
That's okay. those references give me all the information I need to know.
– capdragon
Mar 24 '13 at 19:50
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
i cant read comics because they annoy me so much, tldr?
– meffect
Mar 12 '17 at 7:11
add a comment |
up vote
-2
down vote
For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html
Extract the file - you will get a folder called chromium-linux
Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).
Run these four commands individually:
sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapperWhen I do that, I am good to go.
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
answered Dec 14 '13 at 4:49
lyle fairfield
1
add a comment |
up vote
-2
down vote
For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html
Extract the file - you will get a folder called chromium-linux
Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).
Run these four commands individually:
sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapperWhen I do that, I am good to go.
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
answered Dec 14 '13 at 4:49
lyle fairfield
1
add a comment |
up vote
-2
down vote
up vote
-2
down vote
For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html
Extract the file - you will get a folder called chromium-linux
Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).
Run these four commands individually:
sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapperWhen I do that, I am good to go.
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
answered Dec 14 '13 at 4:49
lyle fairfield
1
For 64 bit Linux, download the zip file at http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html
Extract the file - you will get a folder called chromium-linux
Move the folder to wherever you want - I move it to my /home folder. Navigate to that folder and open a terminal there (the previous two steps may be reversed).
Run these four commands individually:
sudo mv chrome_sandbox chrome-sandbox
sudo chown root chrome-sandbox
sudo chmod 4755 chrome-sandbox
./chrome-wrapperWhen I do that, I am good to go.
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
answered Dec 14 '13 at 4:49
lyle fairfield
1
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
edited Dec 14 '13 at 5:47
jasonwryan
48.9k14134184
48.9k14134184
answered Dec 14 '13 at 4:49
lyle fairfield
1
answered Dec 14 '13 at 4:49
lyle fairfield
1
answered Dec 14 '13 at 4:49
lyle fairfield
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f68832%2fwhat-does-the-chromium-option-no-sandbox-mean%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
8
Long time since I've seen facebook and trusted in same sentence ;) Anyheuw; does this help? Or the more detailed devel doc. Google themselves recommend using another browser then using Chrome without sandbox. Tried opera?
– Runium
Mar 22 '13 at 19:46
Wow. It does help a lot. I'm using Iceweasel just fine but I want my bookmarks that I've syncd in chrome.
– capdragon
Mar 22 '13 at 20:08
1
I suppose I should use xmarks then.
– capdragon
Mar 22 '13 at 20:20
@Sukminder Please enter your comment as an answer so I can give you credit.
– capdragon
Mar 22 '13 at 20:21