Bug 593370 - Google Chrome's Zygote-Sandbox
Summary: Google Chrome's Zygote-Sandbox
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Reported: 2010-05-18 16:06 UTC by Tyler Starke
Modified: 2010-05-18 19:38 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-05-18 19:38:16 UTC


Description Tyler Starke 2010-05-18 16:06:29 UTC
Description of problem:
Google Chrome's Zygote-Sandbox chroots each and every new tab as it is created. A superuser is required to set a chroot. If an obfuscated script prevents the tab from dropping root, the entire system is compromised. Please force a change in Google's behaviour on Linux.

Additional info:
The zygote_main_linx.cc (src/chrome/browser) file contains code that calls the sandbox.h (src/sandbox/linux/seccomp) header. The header declares an external variable "C", which to the sandbox.c (src/sandbox/linux/suid) translates to 'chroot me' (line 63). This happens with every fork and it must stop! It is a compromise of the total system, the root!
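As an added example (not part of this report and not Chromium's own sandbox code), this is the order of operations a setuid chroot helper has to follow so that the chrooted child neither keeps nor can regain root, together with a self-check for the condition the report worries about. The jail path and the target uid/gid are placeholders supplied by the caller; the setresuid/getresuid calls are Linux/glibc specific.

```c
/* Added example, not Chromium's sandbox code: a setuid helper that chroots and
 * then drops root irrevocably, plus a check that root really is gone.
 * Linux/glibc only (setresuid/getresuid). */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter `root` and switch to uid/gid. Order matters: chroot and setgroups
 * need root, so they come first; setres*id comes last and sets real,
 * effective AND saved ids, so no saved root id is left to switch back to.
 * Returns 0 on success, -1 with errno set on any failure. */
int enter_chroot_and_drop(const char *root, uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* never "drop" to root */
    if (chroot(root) != 0) return -1;
    if (chdir("/") != 0) return -1;          /* cwd must be inside the new root */
    if (setgroups(0, NULL) != 0) return -1;  /* forget supplementary groups */
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    return 0;
}

/* Self-check after the drop: all six ids are non-zero and setuid(0) is
 * refused with EPERM. Returns 1 if root is unreachable, 0 otherwise. */
int root_is_gone(void) {
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0) return 0;
    if (ru == 0 || eu == 0 || su == 0 || rg == 0 || eg == 0 || sg == 0) return 0;
    if (setuid(0) == 0) return 0;            /* regained root: the drop failed */
    return errno == EPERM;
}

/* Usage: run as root with a prepared jail directory and a target uid/gid. */
int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s <jail> <uid> <gid>\n", argv[0]); return 2; }
    if (enter_chroot_and_drop(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("enter_chroot_and_drop");     /* fatal: do not go on to run untrusted code */
        return 1;
    }
    int gone = root_is_gone();
    printf("root is gone: %s\n", gone ? "yes" : "NO");
    return gone ? 0 : 1;
}
```

The self-check is the point: a helper that cannot prove root is gone must abort rather than hand the chroot to untrusted content.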

Comment 1 Tomas Hoger 2010-05-18 16:20:45 UTC
What component is this report for?  Sounds like a Google Chrome / Chromium, so it should be reported in chromium bug tracker, no?

Comment 2 Tyler Starke 2010-05-18 16:38:13 UTC
Hmmm. I guess you are right. I don't have a login there; I thought here would be a good spot. I'll look for the Google bugzilla. Anyways, heads up on the zygote forking process. It doesn't have a clean start.

Comment 3 Tomas Hoger 2010-05-18 16:58:42 UTC
(In reply to comment #2)
> I'll look for the Google bugzilla.

Comment 4 Tyler Starke 2010-05-18 17:06:56 UTC
Thanks Tomas. Sorry for the mistake. I got it here: http://is.gd/ceQ4o or issue 44469 if you don't trust shortened links.

Comment 5 Tomas Hoger 2010-05-18 19:38:16 UTC
http://code.google.com/p/chromium/issues/detail?id=44469 for the unshortened link.  Chrome / Chromium is not part of Fedora or Red Hat product, closing.
