Summary: | Correct sandbox profiles to fix some excess privileges | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Oliver Hunt <oliver> | ||||
Component: | New Bugs | Assignee: | Oliver Hunt <oliver> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | darin | ||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Oliver Hunt
2014-07-21 16:41:56 PDT
Created attachment 235253 [details]
Patch
Comment on attachment 235253 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=235253&action=review > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:32 > +(allow file-read* file-write* (require-any ( > + extension "com.apple.app-sandbox.read-write") (extension "com.apple.app-sandbox.read-write"))) This is nonsense - com.apple.app-sandbox.read-write is repeated twice. Please fix. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:40 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) I think that com.apple.webkit.read-write is here by some misunderstanding. Please remove, or at the very least, please add a FIXME about removing it. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:74 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) Ditto. Committed r171322: <http://trac.webkit.org/changeset/171322> (In reply to comment #3) > Committed r171322: <http://trac.webkit.org/changeset/171322> This contained the string “webkti” in a couple places. |