Open foresto opened 4 years ago
Yes, you guessed correctly, it's required by the Chromium sandboxing approach that Electron inherits. https://github.com/vector-im/riot-web/issues/10509#issuecomment-521982502 provides a summary of the available options, both of which aren't very palatable.
I don't think Riot itself has much choice here unless Chromium makes a change or the desktop app is entirely rebuilt with [insert other tech stack here].
Description
On Linux, the riot-web package installs `/opt/Riot/chrome-sandbox` as suid root, granting it superuser privileges to my entire system. This is a security risk.
I realize that this is probably baggage from Electron, but I do not particularly trust Electron or Chromium with system-level privileges, and frankly, nobody should be expected to do so just for a chat application. Especially one so focused on privacy and security.
Version information