Browser-laptop: Add alert for --no-sandbox [feature-request]

Created on 27 Sep 2017 · 9Comments · Source: brave/browser-laptop

Refference Issue

11134

Description

I was given no alert that brave was running with --no-sandbox. I was just curious and stumbled across the running command looking at top.

Steps to Reproduce

$ brave --no-sandbox

Expected result:
I expected an alert that --no-sandbox is being used.

Google Chrome gives this alert when --no-sandbox is being used:
"You are using an unsupported command-line flag: --no-sandbox. Stability and security will suffer."

Maybe brave's alert could have a link to a webpage for more information.

Brave Version

Brave: 0.18.36
rev: 7ab85e97318fef041433b0c3d73b457205fae805
Muon: 4.3.22
libchromiumcontent: 61.0.3163.79
V8: 6.1.534.32
Node.js: 7.9.0
Update Channel: dev
OS Platform: Linux
OS Release: 4.13.3-1-hardened
OS Architecture: x64

prioritP3 sec-low security suggestion wontfix

Source

CurtisLeeBolin

👍3

Most helpful comment

@hugobuddel, never showing the security alert isn't the answer. It is necessary to show the user they are running the program with degraded security. You should ask for the option to don't show this alert again on the alert.

CurtisLeeBolin on 25 Apr 2018

👍2

All 9 comments

@luixxiul, I am requesting this alert for all OSes, not just Linux.

CurtisLeeBolin on 27 Sep 2017

@luixxiul, I also think this warrants the label "security".

CurtisLeeBolin on 27 Sep 2017

cc: @diracdeltas @darkdh for triage

bsclifton on 28 Sep 2017

Please don't add this alert! Using Brave without sandbox is the only way for me to run it on my work machine.

My machine at work runs Scientific Linux 7.4 and I don't have root access, so I can't deploy fixes like this: https://github.com/brave/browser-laptop/issues/6902#issuecomment-375712955

Having some alert nagging me about some issue beyond my control each time I start Brave would get very annoying very quickly.