218999 2020-11-16 12:30:11 -0800 [macOS] Remove remote tcp capability from WebContent Sandbox 2020-11-16 14:08:05 -0800 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham pvollan oldest_to_newest 1707946 0 bfulgham 2020-11-16 12:30:11 -0800 We have moved all network activity (aside from some syslog use) out of the WebContent process. We no longer need the ability to open remote tcp connections, and should deny this in the sandbox. 1707947 1 bfulgham 2020-11-16 12:30:49 -0800 We do not have this power on iOS, and do not need it on macOS. I originally though there were media paths that needed this, but confirmed with the WebKit Media team that this is not the case, and performed local testing to confirm this. 1707948 2 bfulgham 2020-11-16 12:31:34 -0800 <rdar://problem/70355789> 1707950 3 414267 bfulgham 2020-11-16 12:33:49 -0800 Created attachment 414267 Patch 1707965 4 414267 pvollan 2020-11-16 13:06:21 -0800 Comment on attachment 414267 Patch Great! R=me. 1707988 5 ews-feeder 2020-11-16 14:08:04 -0800 Committed r269877: <https://trac.webkit.org/changeset/269877> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414267. 414267 2020-11-16 12:33:49 -0800 2020-11-16 14:08:05 -0800 Patch bug-218999-20201116123348.patch text/plain 3204 bfulgham U3VidmVyc2lvbiBSZXZpc2lvbjogMjY5NjUxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDAzYTY2NzlkZjRjM2RlMDky NWJlOWUyNDEwZmJhNTkxZjg0MWQ3OTYuLmQyYjJmOTI1NGU4ODQ4M2Y4MjFlYzVlNjY2Y2E3NzU2 Zjg0M2U5NDkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTkgQEAKKzIwMjAtMTEtMTYgIEJyZW50IEZ1 bGdoYW0gIDxiZnVsZ2hhbUBhcHBsZS5jb20+CisKKyAgICAgICAgW21hY09TXSBSZW1vdmUgcmVt b3RlIHRjcCBjYXBhYmlsaXR5IGZyb20gV2ViQ29udGVudCBTYW5kYm94CisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMTg5OTkKKyAgICAgICAgPHJkYXI6 Ly9wcm9ibGVtLzcwMzU1Nzg5PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFNpbmNlIHdlIGhhdmUgbW92ZWQgYWxsIG5ldHdvcmsgYWN0aXZpdHkgKGFz aWRlIGZyb20gc29tZSBzeXNsb2cgdXNlKSBvdXQgb2YgdGhlIFdlYkNvbnRlbnQKKyAgICAgICAg cHJvY2Vzcywgd2UgZG8gbm90IG5lZWQgdGhlIGFiaWxpdHkgdG8gb3BlbiByZW1vdGUgdGNwIGNv bm5lY3Rpb25zLiBXZSBzaG91bGQgZGVueSB0aGlzCisgICAgICAgIGNhcGFiaWxpdHkgZnJvbSBv dXIgbm9uLU5ldHdvcmsgc2FuZGJveGVzLgorCisgICAgICAgICogR1BVUHJvY2Vzcy9tYWMvY29t LmFwcGxlLldlYktpdC5HUFVQcm9jZXNzLnNiLmluOgorICAgICAgICAqIFdlYkF1dGhuUHJvY2Vz cy9tYWMvY29tLmFwcGxlLldlYktpdC5XZWJBdXRoblByb2Nlc3Muc2IuaW46CisgICAgICAgICog V2ViUHJvY2Vzcy9jb20uYXBwbGUuV2ViUHJvY2Vzcy5zYi5pbjoKKwogMjAyMC0xMS0xMCAgQnJl bnQgRnVsZ2hhbSAgPGJmdWxnaGFtQGFwcGxlLmNvbT4KIAogICAgICAgICBbbWFjT1NdIEFsbG93 IElPR0xFU0J1bmRsZU5hbWUgZm9yIEFwcGxlIFNpbGljb24gTWFjcwpkaWZmIC0tZ2l0IGEvU291 cmNlL1dlYktpdC9HUFVQcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LkdQVVByb2Nlc3Muc2Iu aW4gYi9Tb3VyY2UvV2ViS2l0L0dQVVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQuR1BVUHJv Y2Vzcy5zYi5pbgppbmRleCAzMDczOTVmMDAzYjRmYzQ3ZmY0Y2Q3ZjcyODhlZGQyOTcyNmI4NGQw Li42ZTZkMzVmM2I3NjU0ZWNiOWY5MjFkY2ViMmNmOGJkY2U1MDM1M2NkIDEwMDY0NAotLS0gYS9T b3VyY2UvV2ViS2l0L0dQVVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQuR1BVUHJvY2Vzcy5z Yi5pbgorKysgYi9Tb3VyY2UvV2ViS2l0L0dQVVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQu R1BVUHJvY2Vzcy5zYi5pbgpAQCAtNjgwLDcgKzY4MCwxMCBAQAogI2VuZGlmCiAgICAgICAgOzsg T2JqQyBtYXBfaW1hZ2VzIG5lZWRzIHRvIHNlbmQgbG9nZ2luZyBkYXRhIHRvIHN5c2xvZy4gPHJk YXI6Ly9wcm9ibGVtLzM5Nzc4OTE4PgogICAgICAgIChsaXRlcmFsICIvcHJpdmF0ZS92YXIvcnVu L3N5c2xvZyIpCi0gICAgICAgKHJlbW90ZSB0Y3ApKQorI2lmIF9fTUFDX09TX1hfVkVSU0lPTl9N SU5fUkVRVUlSRUQgPD0gMTAxNTAwCisgICAgICAgKHJlbW90ZSB0Y3ApCisjZW5kaWYKKykKIAog OzsgQ0ZOZXR3b3JrCiAoYWxsb3cgZmlsZS1yZWFkLWRhdGEgKHBhdGggIi9wcml2YXRlL3Zhci9k Yi9uc3VybHN0b3JhZ2VkL2RhZnNhRGF0YS5iaW4iKSkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJL aXQvV2ViQXV0aG5Qcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LldlYkF1dGhuUHJvY2Vzcy5z Yi5pbiBiL1NvdXJjZS9XZWJLaXQvV2ViQXV0aG5Qcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0 LldlYkF1dGhuUHJvY2Vzcy5zYi5pbgppbmRleCBmYzVhZTY1YjM3NjRhYTZhN2RiMDJhMDJmOTJm ZjM0M2FlMzE0NGU4Li41Nzg5NzVlMDA3OTgwMjhmM2YwNTM5NDQ5NzZlYTVkMTc1Yzg4NzViIDEw MDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1dlYkF1dGhuUHJvY2Vzcy9tYWMvY29tLmFwcGxlLldl YktpdC5XZWJBdXRoblByb2Nlc3Muc2IuaW4KKysrIGIvU291cmNlL1dlYktpdC9XZWJBdXRoblBy b2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQuV2ViQXV0aG5Qcm9jZXNzLnNiLmluCkBAIC0zODQs NyArMzg0LDcgQEAKIChhbGxvdyBuZXR3b3JrLW91dGJvdW5kCiAgICAgICAgOzsgT2JqQyBtYXBf aW1hZ2VzIG5lZWRzIHRvIHNlbmQgbG9nZ2luZyBkYXRhIHRvIHN5c2xvZy4gPHJkYXI6Ly9wcm9i bGVtLzM5Nzc4OTE4PgogICAgICAgIChsaXRlcmFsICIvcHJpdmF0ZS92YXIvcnVuL3N5c2xvZyIp Ci0gICAgICAgKHJlbW90ZSB0Y3ApKQorKQogCiA7OyBDRk5ldHdvcmsKIChhbGxvdyBmaWxlLXJl YWQtZGF0YSAocGF0aCAiL3ByaXZhdGUvdmFyL2RiL25zdXJsc3RvcmFnZWQvZGFmc2FEYXRhLmJp biIpKQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL2NvbS5hcHBsZS5XZWJQ cm9jZXNzLnNiLmluIGIvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL2NvbS5hcHBsZS5XZWJQcm9j ZXNzLnNiLmluCmluZGV4IGE1ZmJhYzA5NmU4MmQ2OTYxMzZmMmZjNDUzZTFmNmY5NDc5ZTg1OWYu LjdmMTNmZGJiMjlkZjYzNjQwODQ1MDAwYWI0OTNlNDNjZDVmYTU3NDQgMTAwNjQ0Ci0tLSBhL1Nv dXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9jb20uYXBwbGUuV2ViUHJvY2Vzcy5zYi5pbgorKysgYi9T b3VyY2UvV2ViS2l0L1dlYlByb2Nlc3MvY29tLmFwcGxlLldlYlByb2Nlc3Muc2IuaW4KQEAgLTEw MzQsNyArMTAzNCwxMCBAQAogI2VuZGlmCiAgICAgICAgOzsgT2JqQyBtYXBfaW1hZ2VzIG5lZWRz IHRvIHNlbmQgbG9nZ2luZyBkYXRhIHRvIHN5c2xvZy4gPHJkYXI6Ly9wcm9ibGVtLzM5Nzc4OTE4 PgogICAgICAgIChsaXRlcmFsICIvcHJpdmF0ZS92YXIvcnVuL3N5c2xvZyIpCi0gICAgICAgKHJl bW90ZSB0Y3ApKQorI2lmIF9fTUFDX09TX1hfVkVSU0lPTl9NSU5fUkVRVUlSRUQgPD0gMTAxNTAw CisgICAgICAgKHJlbW90ZSB0Y3ApCisjZW5kaWYKKykKIAogOzsgQ0ZOZXR3b3JrCiAoYWxsb3cg ZmlsZS1yZWFkLWRhdGEgKHBhdGggIi9wcml2YXRlL3Zhci9kYi9uc3VybHN0b3JhZ2VkL2RhZnNh RGF0YS5iaW4iKSkK