Bug 835171

Summary: Chromium shows warning on launch unsupported command-line flag, security and stability will suffer launches with --no-sandbox
Product: [openSUSE] openSUSE 12.3 Reporter: Forgotten User jJeB05WhlB <forgotten_jJeB05WhlB>
Component: OtherAssignee: E-mail List <bnc-team-screening>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: meissner
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE 12.3   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: image of result

Description Forgotten User jJeB05WhlB 2013-08-16 12:17:00 UTC 
Created attachment 552873 [details]
image of result

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0

Installed chromium from repo: http://download.opensuse.org/update/12.3/ 
When launched from kicker, krunner or from cli, a warning is given "unsupported command-line flag, security and stability will suffer"

This is similar to: https://bugzilla.novell.com/show_bug.cgi?id=779448

My current version/install is:
chromium-30.0.1553.0-1.7.2.x86_64

here is result of chrome:version
http://paste.kde.org/p4ea45111/

If I try to launch by /usr/lib64/chromium/chromium

I get this:
The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/chrome_sandbox is owned by root and has mode 4755.


Reproducible: Always

Steps to Reproduce:
1.Install chromium from repo
2.launch app
3.
Actual Results:  
App shows warning.

Expected Results:  
App should not show this warning

After long discussions on IRC channel #suse resolved the issue using method in https://bugzilla.novell.com/show_bug.cgi?id=779448
A dev from channel #chromium_support says that the package is broken and is a serious security issue.
http://paste.kde.org/p7b96f99f
Comment 1 Marcus Meissner 2013-08-16 12:58:05 UTC 
well, what permissions had /usr/lib/chrome_sandbox  on your machine?
Comment 2 Marcus Meissner 2013-08-16 13:02:16 UTC 
and what security setting do you have configured?
Comment 3 Forgotten User jJeB05WhlB 2013-08-16 13:05:19 UTC 
 = -rwxr-xr-x 1 root root 18840 Jul  4 12:34 /usr/lib/chrome_sandbox


 grep PERMISSION_SECURITY /etc/sysconfig/security
PERMISSION_SECURITY="secure local"
# PERMISSION_SECURITY. If PERMISSION_SECURITY contains 'secure' or
Comment 4 Marcus Meissner 2013-08-16 14:29:26 UTC 
basically a dup of bug 779448


we will review the setuid-root usage in "secure" mode too. until then you could use the permissions.local override on your system.

*** This bug has been marked as a duplicate of bug 779448 ***