135134 2014-07-21 16:41:56 -0700 Correct sandbox profiles to fix some excess privileges 2014-07-21 17:17:57 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 oliver oliver darin oldest_to_newest 1023801 0 oliver 2014-07-21 16:41:56 -0700 Correct sandbox profiles to fix some excess privileges 1023804 1 235253 oliver 2014-07-21 16:50:06 -0700 Created attachment 235253 Patch 1023811 2 235253 ap 2014-07-21 17:05:58 -0700 Comment on attachment 235253 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=235253&action=review > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:32 > +(allow file-read* file-write* (require-any ( > + extension "com.apple.app-sandbox.read-write") (extension "com.apple.app-sandbox.read-write"))) This is nonsense - com.apple.app-sandbox.read-write is repeated twice. Please fix. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:40 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) I think that com.apple.webkit.read-write is here by some misunderstanding. Please remove, or at the very least, please add a FIXME about removing it. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:74 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) Ditto. 1023819 3 oliver 2014-07-21 17:11:05 -0700 Committed r171322: <http://trac.webkit.org/changeset/171322> 1023823 4 darin 2014-07-21 17:17:57 -0700 (In reply to comment #3) > Committed r171322: <http://trac.webkit.org/changeset/171322> This contained the string “webkti” in a couple places. 235253 2014-07-21 16:50:06 -0700 2014-07-21 17:05:57 -0700 Patch bug-135134-20140721164950.patch text/plain 6191 oliver U3VidmVyc2lvbiBSZXZpc2lvbjogMTcxMzA0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYWY0YTZjN2ZlODM0ZDgz MGFmNGIxNGJiN2IyOTEzYmY4NTk5MTI2NC4uYjA3NDRhMTM5OGM0MmRjNWFkMGUyYWQxMjYzNDM3 NmU1NzQ0MzM1NiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI1IEBACisyMDE0LTA3LTIxICBPbGl2 ZXIgSHVudCAgPG9saXZlckBhcHBsZS5jb20+CisKKyAgICAgICAgQ29ycmVjdCBzYW5kYm94IHBy b2ZpbGVzIHRvIGZpeCBzb21lIGV4Y2VzcyBwcml2aWxlZ2VzCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMzUxMzQKKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGlzIGNsZWFucyB1cCBvdXIgc2FuZGJveCBw cm9maWxlcyB0byBmaXggYSBmZXcgaXNzdWVzIC0gdGhlIHByb2ZpbGVzCisgICAgICAgIG5vIGxv bmdlciBhbGxvdyB1cyB0byBpc3N1ZSBmaWxlIGV4dGVuc2lvbiB3ZSBoYXZlIHRoZSBhYmlsaXR5 IHRvIGNvbnN1bWUsCisgICAgICAgIGFuZCB0aWdodGVucyBzb21lIG9mIHRoZSBvdGhlciBmaWxl IGFjY2VzcyBydWxlcy4KKworICAgICAgICBUaGlzIG1lYW5zIHdlIGhhdmUgdG8gYWRkZCBzb21l IHJ1bGVzIHRvIGFsbG93IHVzIHRvIGFjY2VzcyB0aGluZ3MKKyAgICAgICAgdGhhdCB3ZSBwcmV2 aW91c2x5IGhhZCBhY2Nlc3MgdG8gZHVlIHRvIGxheCBmaWxlIHN5c3RlbSByZXN0cmljdGlvbnMu CisKKyAgICAgICAgU29tZSBvZiB0aGUgZmVhdHVyZXMgd2VyZSBmaXhhYmxlIHNpbXBseSBieSB1 c2luZyBlbnRpdGxlbWVudHMgb24gdGhlCisgICAgICAgIHByb2Nlc3MgcmF0aGVyIHRoYW4gY3Vz dG9tIHJ1bGVzLgorCisgICAgICAgICogQ29uZmlndXJhdGlvbnMvV2ViQ29udGVudC1pT1MuZW50 aXRsZW1lbnRzOgorICAgICAgICAqIFJlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5h cHBsZS5XZWJLaXQuRGF0YWJhc2VzLnNiOgorICAgICAgICAqIFJlc291cmNlcy9TYW5kYm94UHJv ZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuTmV0d29ya2luZy5zYjoKKyAgICAgICAgKiBSZXNv dXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQuc2I6 CisKIDIwMTQtMDctMjEgIEJyYWR5IEVpZHNvbiAgPGJlaWRzb25AYXBwbGUuY29tPgogCiAgICAg ICAgIERhdGFiYXNlUHJvY2VzcyBkb2Vzbid0IHJlbGF1bmNoIGFmdGVyIGNyYXNoaW5nLgpkaWZm IC0tZ2l0IGEvU291cmNlL1dlYktpdDIvQ29uZmlndXJhdGlvbnMvV2ViQ29udGVudC1pT1MuZW50 aXRsZW1lbnRzIGIvU291cmNlL1dlYktpdDIvQ29uZmlndXJhdGlvbnMvV2ViQ29udGVudC1pT1Mu ZW50aXRsZW1lbnRzCmluZGV4IDUxNWMxZjdhZWE5OWJjYmU5YWRiZjZjNzljZTAxZTVmOWYxODhj NWQuLjljNDdjOWU4MzliN2I2ZjY2YjM0ODk0NTYzNmRhZDc1ZDU0OTFlYjggMTAwNjQ0Ci0tLSBh L1NvdXJjZS9XZWJLaXQyL0NvbmZpZ3VyYXRpb25zL1dlYkNvbnRlbnQtaU9TLmVudGl0bGVtZW50 cworKysgYi9Tb3VyY2UvV2ViS2l0Mi9Db25maWd1cmF0aW9ucy9XZWJDb250ZW50LWlPUy5lbnRp dGxlbWVudHMKQEAgLTEwLDYgKzEwLDEwIEBACiAJPHRydWUvPgogCTxrZXk+Y29tLmFwcGxlLnBy aXZhdGUud2ViaW5zcGVjdG9yLnByb3h5LWFwcGxpY2F0aW9uPC9rZXk+CiAJPHRydWUvPgorCTxr ZXk+Y29tLmFwcGxlLmxvY2F0aW9uZC5hdXRob3JpemVhcHBsaWNhdGlvbnM8L2tleT4KKwk8dHJ1 ZS8+CisJPGtleT5jb20uYXBwbGUubG9jYXRpb25kLmVmZmVjdGl2ZV9idW5kbGU8L2tleT4KKwk8 dHJ1ZS8+CiAJPGtleT5zZWF0YmVsdC1wcm9maWxlczwva2V5PgogCTxhcnJheT4KIAkJPHN0cmlu Zz5jb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQ8L3N0cmluZz4KZGlmZiAtLWdpdCBhL1NvdXJj ZS9XZWJLaXQyL1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQu RGF0YWJhc2VzLnNiIGIvU291cmNlL1dlYktpdDIvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9p b3MvY29tLmFwcGxlLldlYktpdC5EYXRhYmFzZXMuc2IKaW5kZXggN2NmZGQ2NmE2OTkyMDI4ZjRj ZTEyZjZmNDM4ODhkNDdkMDY4Mjg4Ni4uNmY4NzBiMjdlOWVhY2RhYjE5YjEyNTFmOWY3ODgxYzNl MmIyMTQ1OCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvUmVzb3VyY2VzL1NhbmRib3hQcm9m aWxlcy9pb3MvY29tLmFwcGxlLldlYktpdC5EYXRhYmFzZXMuc2IKKysrIGIvU291cmNlL1dlYktp dDIvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3MvY29tLmFwcGxlLldlYktpdC5EYXRhYmFz ZXMuc2IKQEAgLTI4LDIwICsyOCw1IEBACiAoaW1wb3J0ICJjb21tb24uc2IiKQogKGltcG9ydCAi cmVtb3ZlZC1kZXYtbm9kZXMuc2IiKQogCi07OyBTYW5kYm94IGV4dGVuc2lvbnMKLShkZWZpbmUg KGFwcGx5LXJlYWQtYW5kLWlzc3VlLWV4dGVuc2lvbiBvcCBwYXRoLWZpbHRlcikKLSAgICAob3Ag ZmlsZS1yZWFkKiBwYXRoLWZpbHRlcikKLSAgICAob3AgZmlsZS1pc3N1ZS1leHRlbnNpb24gKHJl cXVpcmUtYWxsIChleHRlbnNpb24tY2xhc3MgImNvbS5hcHBsZS5hcHAtc2FuZGJveC5yZWFkIikg cGF0aC1maWx0ZXIpKSkKLShkZWZpbmUgKGFwcGx5LXdyaXRlLWFuZC1pc3N1ZS1leHRlbnNpb24g b3AgcGF0aC1maWx0ZXIpCi0gICAgKG9wIGZpbGUtd3JpdGUqIHBhdGgtZmlsdGVyKQotICAgIChv cCBmaWxlLWlzc3VlLWV4dGVuc2lvbiAocmVxdWlyZS1hbGwgKGV4dGVuc2lvbi1jbGFzcyAiY29t LmFwcGxlLmFwcC1zYW5kYm94LnJlYWQtd3JpdGUiKSBwYXRoLWZpbHRlcikpKQotKGRlZmluZSAo cmVhZC1vbmx5LWFuZC1pc3N1ZS1leHRlbnNpb25zIHBhdGgtZmlsdGVyKQotICAgIChhcHBseS1y ZWFkLWFuZC1pc3N1ZS1leHRlbnNpb24gYWxsb3cgcGF0aC1maWx0ZXIpKQotKGRlZmluZSAocmVh ZC13cml0ZS1hbmQtaXNzdWUtZXh0ZW5zaW9ucyBwYXRoLWZpbHRlcikKLSAgICAoYXBwbHktcmVh ZC1hbmQtaXNzdWUtZXh0ZW5zaW9uIGFsbG93IHBhdGgtZmlsdGVyKQotICAgIChhcHBseS13cml0 ZS1hbmQtaXNzdWUtZXh0ZW5zaW9uIGFsbG93IHBhdGgtZmlsdGVyKSkKLShyZWFkLW9ubHktYW5k LWlzc3VlLWV4dGVuc2lvbnMgKGV4dGVuc2lvbiAiY29tLmFwcGxlLmFwcC1zYW5kYm94LnJlYWQi KSkKLShyZWFkLXdyaXRlLWFuZC1pc3N1ZS1leHRlbnNpb25zIChleHRlbnNpb24gImNvbS5hcHBs ZS5hcHAtc2FuZGJveC5yZWFkLXdyaXRlIikpCi0KLShpZiAoZGVmaW5lZD8gJ3Zub2RlLXR5cGUp Ci0gICAgKGRlbnkgZmlsZS13cml0ZS1jcmVhdGUgKHZub2RlLXR5cGUgU1lNTElOSykpKQorKGFs bG93IGZpbGUtcmVhZCogZmlsZS13cml0ZSogKHJlcXVpcmUtYW55ICgKKyAgICBleHRlbnNpb24g ImNvbS5hcHBsZS5hcHAtc2FuZGJveC5yZWFkLXdyaXRlIikgKGV4dGVuc2lvbiAiY29tLmFwcGxl LmFwcC1zYW5kYm94LnJlYWQtd3JpdGUiKSkpCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9S ZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2ViS2l0Lk5ldHdvcmtpbmcu c2IgYi9Tb3VyY2UvV2ViS2l0Mi9SZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBw bGUuV2ViS2l0Lk5ldHdvcmtpbmcuc2IKaW5kZXggZWY1YTdhNDQwNDQyMTAwMjZkYjM1Y2M3NmU1 MTNjZDNiNTJlMjg3Ny4uMDFkMWU0MWUyNmJkODJjOGMzNWIwODVlYjU5OGZmMDBhYTU2OTljYSAx MDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3Mv Y29tLmFwcGxlLldlYktpdC5OZXR3b3JraW5nLnNiCisrKyBiL1NvdXJjZS9XZWJLaXQyL1Jlc291 cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuTmV0d29ya2luZy5zYgpA QCAtMzYsOCArMzYsOSBAQAogKGFsbG93IGZpbGUtcmVhZCogKGV4dGVuc2lvbiAiY29tLmFwcGxl LndlYmtpdC5yZWFkIikpCiAKIDs7IEFjY2VzcyB0byBjbGllbnQncyBjYWNoZSBmb2xkZXIgJiBy ZS12ZW5kaW5nIHRvIENGTmV0d29yay4KLShhbGxvdyBmaWxlLXJlYWQqIGZpbGUtd3JpdGUqIChl eHRlbnNpb24gImNvbS5hcHBsZS5uc3VybHN0b3JhZ2UuZXh0ZW5zaW9uLWNhY2hlIikpCi0oYWxs b3cgZmlsZS1pc3N1ZS1leHRlbnNpb24gKGV4dGVuc2lvbi1jbGFzcyAiY29tLmFwcGxlLm5zdXJs c3RvcmFnZS5leHRlbnNpb24tY2FjaGUiKSkKKyhhbGxvdyBmaWxlLWlzc3VlLWV4dGVuc2lvbiAo cmVxdWlyZS1hbGwKKyAgICAocmVxdWlyZS1hbnkgKGV4dGVuc2lvbiAiY29tLmFwcGxlLndlYmtp dC5yZWFkLXdyaXRlIikgKGV4dGVuc2lvbiAiY29tLmFwcGxlLmFwcC1zYW5kYm94LnJlYWQtd3Jp dGUiKSkKKyAgICAoZXh0ZW5zaW9uLWNsYXNzICJjb20uYXBwbGUubnN1cmxzdG9yYWdlLmV4dGVu c2lvbi1jYWNoZSIpKSkKIAogOzsgQXBwIHNhbmRib3ggZXh0ZW5zaW9ucwogKGFsbG93IGZpbGUt cmVhZCogZmlsZS13cml0ZSogKGV4dGVuc2lvbiAiY29tLmFwcGxlLmFwcC1zYW5kYm94LnJlYWQt d3JpdGUiKSkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1Jlc291cmNlcy9TYW5kYm94UHJv ZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYiBiL1NvdXJjZS9XZWJLaXQy L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVu dC5zYgppbmRleCA5ODM0ZDhmZjRiYTdiZjgxYWZhOTllYWE3MzgzYWMzYWI5MzVhNDA1Li44OGU1 ZmU0YjQ5M2U5NWMyZGViOTVmMGE1YTllODRjZWJjY2RhYmYyIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViS2l0Mi9SZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2ViS2l0Lldl YkNvbnRlbnQuc2IKKysrIGIvU291cmNlL1dlYktpdDIvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxl cy9pb3MvY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiCkBAIC0zNiwxMiArMzYsMTUgQEAK IDs7IFRoaXMgaXMgdG9vIGdlbmVyb3VzIC0tIDxyZGFyOi8vcHJvYmxlbS8xNzQ5Njc1Nj4KIChh cHBsZS1jb29raWUtYWNjZXNzICd3aXRoLXJlYWQtd3JpdGUpCiAKKzs7IEFjY2VzcyB0byBtZWRp YSBjb250cm9scwogKHBsYXktbWVkaWEpCisobWVkaWEtcmVtb3RlKQogCiA7OyBSZWFkLW9ubHkg cHJlZmVyZW5jZXMgYW5kIGRhdGEKIChtb2JpbGUtcHJlZmVyZW5jZXMtcmVhZAogICAgICJjb20u YXBwbGUuTGF1bmNoU2VydmljZXMiCi0gICAgImNvbS5hcHBsZS5XZWJGb3VuZGF0aW9uIikKKyAg ICAiY29tLmFwcGxlLldlYkZvdW5kYXRpb24iCisgICAgImNvbS5hcHBsZS5tb2JpbGVpcG9kIikK IAogOzsgU2FuZGJveCBleHRlbnNpb25zCiAoZGVmaW5lIChhcHBseS1yZWFkLWFuZC1pc3N1ZS1l eHRlbnNpb24gb3AgcGF0aC1maWx0ZXIpCkBAIC02Niw4ICs2OSwxMCBAQAogICAgICAgICAgICAg KGV4dGVuc2lvbiAiY29tLmFwcGxlLmFwcC1zYW5kYm94LnJlYWQtd3JpdGUiKSkpKQogCiAKLShh bGxvdyBmaWxlLXJlYWQqIGZpbGUtd3JpdGUqIChleHRlbnNpb24gImNvbS5hcHBsZS5uc3VybHN0 b3JhZ2UuZXh0ZW5zaW9uLWNhY2hlIikpCi0oYWxsb3cgZmlsZS1pc3N1ZS1leHRlbnNpb24gKGV4 dGVuc2lvbi1jbGFzcyAiY29tLmFwcGxlLm5zdXJsc3RvcmFnZS5leHRlbnNpb24tY2FjaGUiKSkK Kzs7IEFjY2VzcyB0byBjbGllbnQncyBjYWNoZSBmb2xkZXIgJiByZS12ZW5kaW5nIHRvIENGTmV0 d29yay4KKyhhbGxvdyBmaWxlLWlzc3VlLWV4dGVuc2lvbiAocmVxdWlyZS1hbGwKKyAgICAocmVx dWlyZS1hbnkgKGV4dGVuc2lvbiAiY29tLmFwcGxlLndlYmtpdC5yZWFkLXdyaXRlIikgKGV4dGVu c2lvbiAiY29tLmFwcGxlLmFwcC1zYW5kYm94LnJlYWQtd3JpdGUiKSkKKyAgICAoZXh0ZW5zaW9u LWNsYXNzICJjb20uYXBwbGUubnN1cmxzdG9yYWdlLmV4dGVuc2lvbi1jYWNoZSIpKSkKIAogOzsg QWNjZXNzIHRvIG93biBjYWNoZSAmIHRlbXAgZm9sZGVycy4KIChhbGxvdyBmaWxlLXJlYWQqIChl eHRlbnNpb24gImNvbS5hcHBsZS53ZWJraXQucmVhZCIpKQo=