Bug 135134

Summary: Correct sandbox profiles to fix some excess privileges
Product: WebKit
Reporter: Oliver Hunt <oliver>
Component: New Bugs
Assignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED
Severity: Normal
CC: darin
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch
Flags: ap: review+, ap: commit-queue-

Oliver Hunt
Reported 2014-07-21 16:41:56 PDT
Correct sandbox profiles to fix some excess privileges
Attachments
Patch (6.05 KB, patch)
2014-07-21 16:50 PDT, Oliver Hunt
ap: review+
ap: commit-queue-
Oliver Hunt
Comment 1 2014-07-21 16:50:06 PDT
Alexey Proskuryakov
Comment 2 2014-07-21 17:05:58 PDT
Comment on attachment 235253
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235253&action=review

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:32
> +(allow file-read* file-write* (require-any (
> + extension "com.apple.app-sandbox.read-write") (extension "com.apple.app-sandbox.read-write")))

This is nonsense - com.apple.app-sandbox.read-write is repeated twice. Please fix.

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:40
> + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write"))

I think that com.apple.webkit.read-write is here by some misunderstanding. Please remove, or at the very least, please add a FIXME about removing it.

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:74
> + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write"))

Ditto.
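Review bot: In com.apple.WebKit.Databases.sb:32 both operands of require-any are (extension "com.apple.app-sandbox.read-write"), so the second one never changes the outcome and the rule leaves it unclear whether a different second extension class was intended. If only the app-sandbox extension should grant access, write the rule as (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write")); the opening parenthesis stranded at the end of the first added line should also move down next to its extension keyword.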
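Review bot: In com.apple.WebKit.Networking.sb:40, and in the identical line at com.apple.WebKit.WebContent.sb:74, require-any lets a holder of either extension class satisfy the rule, so the effective grant is the union of the two, and nothing in the added line documents why com.apple.webkit.read-write must be accepted alongside com.apple.app-sandbox.read-write. For a patch whose summary is about fixing excess privileges, either drop that operand or put a comment above the line naming what issues the com.apple.webkit.read-write extension, so the wider grant can be audited and removed later.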
Oliver Hunt
Comment 3 2014-07-21 17:11:05 PDT
Darin Adler
Comment 4 2014-07-21 17:17:57 PDT
(In reply to comment #3)
> Committed r171322: <http://trac.webkit.org/changeset/171322>

This contained the string “webkti” in a couple places.