Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Add alert for --no-sandbox [feature-request] #11175

Closed
CurtisLeeBolin opened this issue Sep 27, 2017 · 9 comments
Closed

Add alert for --no-sandbox [feature-request] #11175

CurtisLeeBolin opened this issue Sep 27, 2017 · 9 comments

Comments

@CurtisLeeBolin
Copy link

Refference Issue

#11134

Description

I was given no alert that brave was running with --no-sandbox. I was just curious and stumbled across the running command looking at top.

Steps to Reproduce

$ brave --no-sandbox

Expected result:
I expected an alert that --no-sandbox is being used.

Google Chrome gives this alert when --no-sandbox is being used:
"You are using an unsupported command-line flag: --no-sandbox. Stability and security will suffer."

Maybe brave's alert could have a link to a webpage for more information.

Brave Version

Brave: 0.18.36
rev: 7ab85e9
Muon: 4.3.22
libchromiumcontent: 61.0.3163.79
V8: 6.1.534.32
Node.js: 7.9.0
Update Channel: dev
OS Platform: Linux
OS Release: 4.13.3-1-hardened
OS Architecture: x64

@CurtisLeeBolin
Copy link
Author

@luixxiul, I am requesting this alert for all OSes, not just Linux.

@CurtisLeeBolin
Copy link
Author

@luixxiul, I also think this warrants the label "security".

@bsclifton
Copy link
Member

cc: @diracdeltas @darkdh for triage

@diracdeltas diracdeltas added this to the 0.22.x milestone Sep 28, 2017
@diracdeltas diracdeltas added the priority/P3 Major loss of function. label Oct 3, 2017
@bbondy bbondy modified the milestones: 0.22.x (Nightly Channel), Backlog Oct 25, 2017
@bbondy bbondy modified the milestones: Triage Backlog, Prioritized Backlog Nov 2, 2017
@cezaraugusto cezaraugusto modified the milestones: Prioritized Backlog, Triage Backlog Nov 8, 2017
@bsclifton bsclifton modified the milestones: Triage Backlog, Prioritized Backlog Nov 21, 2017
@hugobuddel
Copy link
Contributor

Please don't add this alert! Using Brave without sandbox is the only way for me to run it on my work machine.

My machine at work runs Scientific Linux 7.4 and I don't have root access, so I can't deploy fixes like this: #6902 (comment)

Having some alert nagging me about some issue beyond my control each time I start Brave would get very annoying very quickly.

@CurtisLeeBolin
Copy link
Author

@hugobuddel, never showing the security alert isn't the answer. It is necessary to show the user they are running the program with degraded security. You should ask for the option to don't show this alert again on the alert.

@leodutra
Copy link

Fixed?

@leodutra
Copy link

Same issue on Arch Linux.

@bsclifton bsclifton modified the milestones: Backlog (Prioritized), Triage Backlog Sep 18, 2018
@bsclifton bsclifton removed this from the Triage Backlog milestone Sep 18, 2018
@dginovker
Copy link

dginovker commented Dec 9, 2018

Still occurring on Manjaro (Arch Linux)

edit: Version 0.56.15 Chromium: 70.0.3538.110 (Official Build) unknown (64-bit)

@tildelowengrimm
Copy link

This repo is for the older Muon-based Brave. For the newer Chromium-based Brave, please file an issue in brave-browser.

@brave brave locked as off-topic and limited conversation to collaborators Dec 31, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

10 participants