WebKit Bugzilla
Attachment 373244 Details for Bug 199367: [GTK][WPE] Explicitly blacklist problematic directories for sandbox
Patch: bug-199367-20190701100934.patch (text/plain), 2.87 KB, created by Patrick Griffis on 2019-07-01 10:09:34 PDT
>Subversion Revision: 246826 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index c939e7662778cc2b3c75b642691a109fc47c2e81..f172327b19982187420946f43513b7252a3317b4 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,14 @@ >+2019-07-01 Patrick Griffis <pgriffis@igalia.com> >+ >+ [GTK][WPE] Explicitly blacklist problematic directories for sandbox >+ https://bugs.webkit.org/show_bug.cgi?id=199367 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * UIProcess/API/glib/WebKitWebContext.cpp: >+ (path_is_not_blacklisted): >+ (webkit_web_context_add_path_to_sandbox): >+ > 2019-06-25 Daniel Bates <dabates@apple.com> > > Non-editable text selections should be modifiable with hardware keyboard >diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp >index a4a0fefe2f94b35dbd458a81ccf5a32c5074c3ae..78d509e9507a3ecb6736bc7e7c141eb1cf5de6f2 100644 >--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp >+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp >@@ -1185,6 +1185,22 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean > context->priv->processPool->setSandboxEnabled(enabled); > } > >+static bool pathIsNotBlacklisted(const char* path) >+{ >+ /* These are backend specific though the blacklist covers all for consistent support */ >+ const Vector<CString> blacklistedPrefixes = { >+ "tmp", /* This doesn't work with flatpak-spawn */ >+ /* The rest of these are re-created by the bwrap sandbox in both cases and don't make sense */ >+ "sys", "proc", "dev", >+ /* A value of just `/` also doesn't make sense */ >+ "", >+ }; >+ >+ /* NOTE: Due to previous check there is always 1 leading `/` */ >+ GUniquePtr<char*> splitPath(g_strsplit(path, G_DIR_SEPARATOR_S, 3)); >+ return blacklistedPrefixes.find(splitPath.get()[1]) == WTF::notFound; >+} >+ > /** > * webkit_web_context_add_path_to_sandbox: > * @context: a #WebKitWebContext 
>@@ -1195,6 +1211,9 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean > * has been created otherwise it will be silently ignored. It is a fatal error to > * add paths after a web process has been spawned. > * >+ * Paths in directories such as `/tmp`, `/sys`, `/proc`, and `/dev` or all of `/` are not valid. >+ * You may want to use `/var/tmp` as an alternative to `/tmp`. >+ * > * See also webkit_web_context_set_sandbox_enabled() > * > * Since: 2.26 >@@ -1203,6 +1222,7 @@ void webkit_web_context_add_path_to_sandbox(WebKitWebContext* context, const cha > { > g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context)); > g_return_if_fail(g_path_is_absolute(path)); >+ g_return_if_fail(pathIsNotBlacklisted(path)); > > if (context->priv->processPool->processes().size()) > g_error("Sandbox paths cannot be changed after subprocesses were spawned.");
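Review bot: In the ChangeLog hunk the function list names `(path_is_not_blacklisted)`, but the helper added to WebKitWebContext.cpp is `pathIsNotBlacklisted`. Update the entry to match, and add a line under the function names saying which top-level directories are rejected and why, since the entry currently carries no description of the change.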
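Review bot: In the `@@ -1185,6 +1185,22 @@` hunk, `pathIsNotBlacklisted()` compares only the first component of the string exactly as the caller spelled it, so a path such as `/var/../tmp/x` or `/./proc` has a first component of `var` or `.` and is accepted, and a symlink that points into one of the listed directories is not seen at all. Normalise the path before the `g_strsplit()` call (for example with `g_canonicalize_filename()`), and decide whether symlinks should be resolved as well. The comment "Due to previous check there is always 1 leading `/`" also makes `splitPath.get()[1]` depend on the single caller having run `g_path_is_absolute()` first; an assertion inside the helper would keep that index safe if the helper is reused. Minor: the `Vector<CString>` is rebuilt on every call and could be a static constant array.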
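Review bot: In the `@@ -1195,6 +1211,9 @@` documentation hunk, "directories such as" leaves the caller guessing whether the list is complete, while the code rejects exactly `/tmp`, `/sys`, `/proc`, `/dev` and `/`. State the list as exhaustive, and say what happens when such a path is passed: the surrounding text already describes one case as "silently ignored" and another as "a fatal error", and this new case (a `g_return_if_fail()` critical followed by return) is neither.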
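Review bot: In the `@@ -1203,6 +1222,7 @@` hunk, `g_return_if_fail(pathIsNotBlacklisted(path))` uses a precondition macro to enforce a sandbox policy. `g_return_if_fail()` expands to nothing in builds that define `G_DISABLE_CHECKS`, so in those builds the blacklist is not applied, and in other builds the function returns void after logging, so the application cannot tell that its path was dropped. An explicit `if (!pathIsNotBlacklisted(path))` with a warning and early return would apply the check in every build configuration.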