On Wed, Nov 23, 2011 at 7:43 PM, Michael Gilbert wrote: > On Wed, Nov 23, 2011 at 7:12 PM, wrote: >>>>>>> "YP" == Yves-Alexis Perez writes: >> >> YP> I'm not sure telling people to use --no-sandbox without telling them >> YP> what they lose is a good idea. Sandboxing is here for a reason. > > I find the "no-sandbox" label sufficiently descriptive, but for > completeness sake, this option will (as it sounds) disable chromium's > process isolating "sandbox" feature. This means that the security > hardening feature, which normally makes it very hard for data to leak > between chromium processes (i.e. tabs), will be off.
And of course makes it hard (hopefully) for attackers to break out of that sandbox to get access (read/write) to anything else in memory. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CANTw=MMegNX3J70FfY7r6Who7Nbrc=ZwD=ygd79bstpgokt...@mail.gmail.com
