search

alixaxel / chrome-aws-lambda

Chromium Binary for AWS Lambda and Google Cloud Functions
MIT License
3.2k stars 292 forks source link

QUESTION: implications of using flags that disable security features #273

Open anisjonischkeit opened 2 years ago

anisjonischkeit commented 2 years ago

Hi, thanks for putting this package together, it looks great! I'm just wondering if there are security implications that are introduced be setting some of the flags that are needed to run in lambda. Ones I am concerned about are:

'--allow-running-insecure-content', // https://source.chromium.org/search?q=lang:cpp+symbol:kAllowRunningInsecureContent&ss=chromium
'--disable-setuid-sandbox', // https://source.chromium.org/search?q=lang:cpp+symbol:kDisableSetuidSandbox&ss=chromium
'--disable-site-isolation-trials', // https://source.chromium.org/search?q=lang:cpp+symbol:kDisableSiteIsolation&ss=chromium
'--disable-web-security', // https://source.chromium.org/search?q=lang:cpp+symbol:kDisableWebSecurity&ss=chromium
'--enable-features=SharedArrayBuffer', // https://source.chromium.org/search?q=file:content_features.cc&ss=chromium
'--no-sandbox', // https://source.chromium.org/search?q=lang:cpp+symbol:kNoSandbox&ss=chromium

It would be great to understand what the attack surface is when disabling these, when it's fine and when you should probably find a way around disabling these features