| Summary: | [Linux] SeccompFilters: improve the port-agnostic whitelist | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
| Component: | WebKit2 | Assignee: | Michael Catanzaro <mcatanzaro> |
| Status: | RESOLVED FIXED | ||
| Severity: | Enhancement | CC: | cgarcia, commit-queue, mcatanzaro, tmpsantos, zan |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Bug Depends on: | |||
| Bug Blocks: | 110014, 140065 | ||
| Attachments: | |||
|
Description
Michael Catanzaro
2015-01-04 18:50:04 PST
(In reply to comment #0) > * /var/tmp -- this is unfortunate, but with recent enough mesa (for DRI3) > and barring a configure-time override (which Debian wisely does), shared > memory winds up here: https://bugzilla.redhat.com/show_bug.cgi?id=1172869 > * mesa configuration files > * Various directories needed by udev I currently have access to these directories disabled if compiled without support for mesa, but I wonder if it's wiser to just unconditionally allow them to avoid potential future breakage. Created attachment 243951 [details]
Patch
Created attachment 249298 [details]
[Linux] SeccompFilters: improve the port-agnostic whitelist
Comment on attachment 249298 [details] [Linux] SeccompFilters: improve the port-agnostic whitelist So, this is the first patch in my series. The goal here is the same as in bug #142987, but I've spent enough time rebasing this series already that I'd rather commit them separately, especially since that patch is the last in the series and this is the first, it would just be a pain. So this one alone doesn't really accomplish much (well, it makes accelerated compositing work), it's just a bit better than what we have now.... Comment on attachment 249298 [details] [Linux] SeccompFilters: improve the port-agnostic whitelist View in context: https://bugs.webkit.org/attachment.cgi?id=249298&action=review > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:194 > + // Needed by at-spi2. > + addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite); Is this truly port-agnostic, or is it specific to GNOME/GTK? > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:216 > + // Try removing this permission when we can rely on a newer libxshmfence. Put a FIXME here. (In reply to comment #5) > Is this truly port-agnostic, or is it specific to GNOME/GTK? It's used by both EFL and GTK. In general, I don't mind giving a few extra permissions even if they're not needed (e.g. I assume WPE may not use ATK) since if you don't use at-spi2 then it's pretty unlikely you'd put important data in a folder named at-spi2. However in this case it's actually bad, since at-spi2 is not in the name of the permission at all. /run/user/1000 is quite wide a permission. I'll create a new bug #143004 to narrow this permission. > Put a FIXME here. OK (although it's removed in one of the follow-up patches) (In reply to comment #6) > (In reply to comment #5) > > Is this truly port-agnostic, or is it specific to GNOME/GTK? > > It's used by both EFL and GTK. In general, I don't mind giving a few extra > permissions even if they're not needed (e.g. I assume WPE may not use ATK) > since if you don't use at-spi2 then it's pretty unlikely you'd put important > data in a folder named at-spi2. However in this case it's actually bad, > since at-spi2 is not in the name of the permission at all. /run/user/1000 is > quite wide a permission. I'll create a new bug #143004 to narrow this > permission. > Place a FIXME comment above this code, a note about the problem and link to the bug, and we can move forward with this. Created attachment 249490 [details]
[Linux] SeccompFilters: improve the port-agnostic whitelist
Added FIXMEs
Created attachment 249491 [details]
[Linux] SeccompFilters: improve the port-agnostic whitelist
Actually added FIXMEs
Comment on attachment 249491 [details] [Linux] SeccompFilters: improve the port-agnostic whitelist Clearing flags on attachment: 249491 Committed r182021: <http://trac.webkit.org/changeset/182021> All reviewed patches have been landed. Closing bug. |