zygote process with no sandbox?
292 views
Skip to first unread message
Giang Nguyen
Apr 20, 2016, 1:21:38 PM4/20/16
to headless-dev
Hi,
When I launch a single headless shell I see a second process of type zygote run without sandbox:
headless_shell --type=zygote --no-sandbox
Should I be concerned, i.e., am I potentially more vulnerable to malicious websites?
Thanks,
When I launch a single headless shell I see a second process of type zygote run without sandbox:
headless_shell --type=zygote --no-sandbox
Should I be concerned, i.e., am I potentially more vulnerable to malicious websites?
Thanks,
Sami Kyostila
Apr 20, 2016, 1:47:15 PM4/20/16
to Giang Nguyen, headless-dev
Headless shell currently runs in single process mode without a sandbox and the zygote process you see is just the zygote host which isn't used for anything. The only reason for this is that this is the way we started prototyping -- I'm planning to soon change things so that we are sandboxed and multi-process by default.
- Sami
--
You received this message because you are subscribed to the Google Groups "headless-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to headless-dev...@chromium.org.
To post to this group, send email to headle...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/headless-dev/b24292e2-9c87-4d96-8342-633a95fee4bf%40chromium.org.
Giang Nguyen
Apr 20, 2016, 2:07:07 PM4/20/16
to Sami Kyostila, headless-dev
Ah, so currently, I can safely prevent the zygote from launching, or
kill it once it's launched, without affecting anything. Is that right?
Thanks!
kill it once it's launched, without affecting anything. Is that right?
Thanks!
Sami Kyostila
Apr 21, 2016, 6:27:39 AM4/21/16
to Giang Nguyen, headless-dev
Right.
- Sami
Reply all
Reply to author
Forward
0 new messages