View Poll Results: Which is better, Chromium or Firefox?
Reading up a bit on the sandbox stuff. Seems you can do the same with firefox using firejail.
I did not find any information on whether or not it requires root privileges yet, though...
It most certainly does
Quote:
Firejail is a SUID security sandbox program
SUID means set user id as root.
Technically, if the sandbox is well designed, then it should contain any exploits and not allow privilege escalation. Even so, I don't trust Google and would much rather run firejail if I wanted to.
In most cases this is probably true. However, if I understand correctly, it actually means set user id to the executable's owner. Without having looked at it in-depth I am thinking you might be able to create a dedicated user for that purpose and tweak the sandbox to run as that user. Does that make any sense? I am probably missing something...
Quote:
Originally Posted by metaschima
Even so, I don't trust Google and would much rather run firejail if I wanted to.
You're right you could set it so that it runs with the permissions of another user, but usually that user is root. You could, of course, create another user with less than root powers, but enough to run the program and SUID to that.
The sandbox needs to be setuid to root in order to set up the sandbox environment correctly. If this seems weird, think of a chroot. There you also need to be root to isolate everything. The way the sandbox works is somewhat similar. It allows Chromium to contain the processes.
Anyway, you have little to fear. If you run a Chromium based browser with a Chromium backend of 42 or above you no longer need to setuid the binary, as long as you are running a kernel of 3.17 or above. The sandbox now uses newer kernel features to achieve the sandboxing in a different (but equally secure) way.
Alternatively, if your Chromium based browser is stuck on a version lower than 42, it is possible to compile your own Chromium sandbox and use the variable CHROME_DEVEL_SANDBOX to point to it, if you do not trust the precompiled one that is shipped with Chrome, Vivaldi, etc.
@rokytnji: Disabling the sandbox is a pretty stupid idea IMHO. You are just making yourself less secure for no good reason. Use one of the two workarounds above if you do not trust a precompiled setuid binary from a reputable company.
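Added example, not part of any post in this thread: a shell check of which sandbox mode a host can use, based on the kernel 3.17 threshold and the `CHROME_DEVEL_SANDBOX` variable mentioned in the post above. The function names, the default helper path and the user-namespace sysctl probes are assumptions that go beyond what the post states.

```shell
#!/bin/sh
# Added example (not from the thread): which Chromium sandbox mode can this host use?
# The browser version (42+ for the non-setuid sandbox, per the post) is not probed.

# kernel_at_least MAJOR.MINOR RELEASE: succeeds if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    want_major=${1%%.*}; want_minor=${1#*.}
    rel=${2%%[!0-9.]*}                 # "4.19.0-21-amd64" -> "4.19.0"
    have_major=${rel%%.*}
    rest=${rel#*.}; have_minor=${rest%%.*}
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# userns_enabled: fails if unprivileged user namespaces are switched off.
# Assumption beyond the post: a new enough kernel can still have them disabled.
userns_enabled() {
    f=/proc/sys/kernel/unprivileged_userns_clone    # Debian/Ubuntu-specific knob
    [ -r "$f" ] && [ "$(cat "$f")" = 0 ] && return 1
    f=/proc/sys/user/max_user_namespaces            # upstream knob, newer kernels
    [ -r "$f" ] && [ "$(cat "$f")" = 0 ] && return 1
    return 0
}

# helper_ok PATH: setuid bit set, owned by uid 0, not group- or world-writable.
helper_ok() {
    [ -u "$1" ] || return 1
    [ "$(stat -c %u "$1")" = 0 ] || return 1
    case $(stat -c %A "$1") in ?????w*|????????w*) return 1 ;; esac
    return 0
}

# sandbox_mode RELEASE USERNS(yes|no) HELPER(yes|no): prints namespace, setuid or none
sandbox_mode() {
    if kernel_at_least 3.17 "$1" && [ "$2" = yes ]; then echo namespace
    elif [ "$3" = yes ]; then echo setuid
    else echo none; fi
}

# Report for the current host. The default helper path is an assumption.
helper=${CHROME_DEVEL_SANDBOX:-/opt/google/chrome/chrome-sandbox}
u=no; userns_enabled && u=yes
h=no; helper_ok "$helper" && h=yes
k=$(uname -r)
echo "kernel $k: userns=$u, helper $helper ok=$h -> $(sandbox_mode "$k" "$u" "$h")"
```

A result of `none` means neither sandbox mode is available on that host, which is the situation where the browser would only start with the sandbox disabled.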
Ok. Just working with what I know, raurio, and it was the only way to launch Vivaldi on my test box. I have moved on since that post but thanks for pointing that out.
Quote:
Originally Posted by Geremia
Indeed. "Don't be evil" is not to say "Be good."
Anybody who has to have that as a motto is a little untrustworthy, don't you think?
Should I take "Don't beat up old people and steal their money" as a motto?
It looks like Firefox is losing users rapidly. It becomes worse and worse, adds garbage functionality, becomes slower and slower and probably less stable. And still the browser uses only one CPU core to handle everything while Chrome is more lightweight and uses all cores available. People complain a lot that Firefox breaks options with almost every update because they always add, change and remove something and updates are frequent. And I've been Firefox dude for a lot of time now, I started to use it when Firefox 2 was around I believe. Last years it's been constant war of me against Firefox to make it look and work as older versions. And as time goes by this war becomes more and more difficult.
I wonder why I didn't think about it earlier, but several days ago I decided to remove Firefox from my system and completely switch to Chrome. And it's great! I won't explain all good experience I have with Chrome web surfing (it's unnecessary) but what I have to say is that this switch should've been done since Firefox 4 came out.
Look at the URL above, click down the months and see how Firefox loses people with every month that passes (the older the month, the more users it had). The browser is going off stage.
I'm surprised that Google is still doing Chrome for Linux. In every other project they have abandoned Linux completely. Still no Linux app for gdrive, no Linux app for gphotos etc. I guess ChromeOS is what is keeping it alive since it is Linux based.