Bug 593370 - Google Chrome's Zygote-Sandbox
Google Chrome's Zygote-Sandbox
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity high
: ---
: ---
Assigned To: Red Hat Product Security
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-18 12:06 EDT by Tyler Starke
Modified: 2010-05-18 15:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-18 15:38:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tyler Starke 2010-05-18 12:06:29 EDT
Description of problem:
Google Chrome's Zygote-Sandbox chroots each and every new tab as it is being created. A Super User is required to set a chroot. If an obfuscated script prevents the tab from dropping root the entire system is compromised. Please force a change in Google's behaviour on Linux.

Additional info:
The zygote_main_linx.cc (src/chrome/browser) file contains code that calls the sandbox.h (src/sandbox/linux/seccomp) header. The header declares an external variable "C", which to the sandbox.c (src/sandbox/linux/suid) translates too 'chroot' me (line 63). This happens with every fork and it must stop! It is a compromise of the total system, the root!
Comment 1 Tomas Hoger 2010-05-18 12:20:45 EDT
What component is this report for?  Sounds like a Google Chrome / Chromium, so it should be reported in chromium bug tracker, no?
Comment 2 Tyler Starke 2010-05-18 12:38:13 EDT
hmmm. I guess you are right. I don't have a login there, thought here would be a good spot. I'll look for the Google bugzilla. Anyways, heads up on the zygote forking process. It doesn't have a clean start.
Comment 3 Tomas Hoger 2010-05-18 12:58:42 EDT
(In reply to comment #2)
> I'll look for the Google bugzilla.

http://www.chromium.org/for-testers/bug-reporting-guidelines
Comment 4 Tyler Starke 2010-05-18 13:06:56 EDT
Thanks Tomas. Sorry for the mistake. I got it here: http://is.gd/ceQ4o or issue 44469 if you don't trust shortened links.
Comment 5 Tomas Hoger 2010-05-18 15:38:16 EDT
http://code.google.com/p/chromium/issues/detail?id=44469 for the unshortened link.  Chrome / Chromium is not part of Fedora or Red Hat product, closing.

Note You need to log in before you can comment on or make changes to this bug.