WebKit Bugzilla
Attachment 373349 Details for Bug 199367: [GTK][WPE] Explicitly blacklist problematic directories for sandbox
[patch] Patch
bug-199367-20190702115737.patch (text/plain), 2.96 KB, created by Patrick Griffis on 2019-07-02 11:57:37 PDT
>Subversion Revision: 246826 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index c939e7662778cc2b3c75b642691a109fc47c2e81..59d2fdd3d5bb6e0e92558164485e0c5295ebf62e 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2019-07-01 Patrick Griffis <pgriffis@igalia.com> >+ >+ [GTK][WPE] Explicitly blacklist problematic directories for sandbox >+ https://bugs.webkit.org/show_bug.cgi?id=199367 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ There are some directories that simply do not make sense to bind into the sandbox >+ and will only cause issues such as `/proc` so lets just block them. >+ >+ * UIProcess/API/glib/WebKitWebContext.cpp: >+ (path_is_not_blacklisted): >+ (webkit_web_context_add_path_to_sandbox): >+ > 2019-06-25 Daniel Bates <dabates@apple.com> > > Non-editable text selections should be modifiable with hardware keyboard >diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp >index a4a0fefe2f94b35dbd458a81ccf5a32c5074c3ae..bfc567ced5bb1701d3ac92767aebaa42db2c397a 100644 >--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp >+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp >@@ -1185,6 +1185,21 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean > context->priv->processPool->setSandboxEnabled(enabled); > } > >+static bool pathIsBlacklisted(const char* path) >+{ >+ static const Vector<CString, 4> blacklistedPrefixes = { >+ // These are recreated by bwrap and it doesn't make sense to try and rebind them. >+ "sys", "proc", "dev", >+ "", // All of `/` isn't acceptable. >+ }; >+ >+ if (!g_path_is_absolute(path)) >+ return true; >+ >+ GUniquePtr<char*> splitPath(g_strsplit(path, G_DIR_SEPARATOR_S, 3)); >+ return blacklistedPrefixes.contains(splitPath.get()[1]); >+} >+ > /** > * webkit_web_context_add_path_to_sandbox: > * @context: a #WebKitWebContext 
>@@ -1195,6 +1210,9 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean > * has been created otherwise it will be silently ignored. It is a fatal error to > * add paths after a web process has been spawned. > * >+ * Paths in directories such as `/sys`, `/proc`, and `/dev` or all of `/` >+ * are not valid. >+ * > * See also webkit_web_context_set_sandbox_enabled() > * > * Since: 2.26 >@@ -1202,7 +1220,11 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean > void webkit_web_context_add_path_to_sandbox(WebKitWebContext* context, const char* path, gboolean readOnly) > { > g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context)); >- g_return_if_fail(g_path_is_absolute(path)); >+ >+ if (pathIsBlacklisted(path)) { >+ g_critical("Attempted to add disallowed path to sandbox: %s", path); >+ return; >+ } > > if (context->priv->processPool->processes().size()) > g_error("Sandbox paths cannot be changed after subprocesses were spawned.");
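Review bot: In the Source/WebKit/ChangeLog hunk, the function list names `(path_is_not_blacklisted):` but the helper added in WebKitWebContext.cpp is `pathIsBlacklisted`, so the entry does not match the code. Update the entry to the real function name, and fix "lets" to "let's" in the description while touching it.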
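Review bot: In the `pathIsBlacklisted` hunk (@@ -1185), the check is purely lexical: it compares only `splitPath.get()[1]`, the first component of the string as given, against the list. A path that is not in canonical form (one containing `..` components, or one that goes through a symlink) has a different first component and passes the check even though it resolves inside `/proc`, `/sys` or `/dev`. Canonicalize the path before splitting it, or reject any path containing `..`, and add a comment stating whether symlinks are expected to be resolved here or by the caller. A smaller point: a repeated leading separator makes the first component empty, so such a path is rejected as if it were `/`; that is the safe direction but worth a comment next to the `""` entry.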
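Review bot: In the documentation hunk (@@ -1195), the added sentence "Paths in directories such as `/sys`, `/proc`, and `/dev` or all of `/` are not valid" leaves the contract open: "such as" suggests a longer list than the three prefixes the code checks, and nothing says what happens when an invalid path is passed. State the exact set, mention that relative paths are also rejected, and document that the call logs a critical and leaves the sandbox configuration unchanged, so API users know the path was not added.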
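Review bot: In the `webkit_web_context_add_path_to_sandbox` hunk (@@ -1202), removing `g_return_if_fail(g_path_is_absolute(path));` folds the precondition check into `pathIsBlacklisted`, so a relative or NULL `path` is now reported as "Attempted to add disallowed path to sandbox: %s", and in the NULL case that pointer is passed to `%s`. Keep the `g_return_if_fail(g_path_is_absolute(path));` line ahead of the new `if` so programmer errors get the usual precondition warning and the disallowed-path message is printed only for absolute paths that hit the list.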
Attachments on bug 199367: 373238 | 373240 | 373243 | 373244 | 373250 | 373349