Bug 170074

Summary: Re-enable the network and web processes' keychain access to fix client certificate authentication
Product: WebKit Reporter: John Wilander <wilander>
Component: WebKit2Assignee: John Wilander <wilander>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, commit-queue, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=163710
Attachments:
Description Flags
Patch
none
Patch none

John Wilander
Reported 2017-03-24 13:39:55 PDT
https://bugs.webkit.org/show_bug.cgi?id=163710 caused a regression in client certificate authentication for macOS.
Attachments
Patch (1.87 KB, patch)
2017-03-24 13:46 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Patch (2.16 KB, patch)
2017-03-25 10:31 PDT, John Wilander 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
John Wilander
Comment 1 2017-03-24 13:41:38 PDT
rdar://problem/31095987
John Wilander
Comment 2 2017-03-24 13:46:19 PDT
Created attachment 305321 [details] Patch
Brent Fulgham
Comment 3 2017-03-24 16:40:40 PDT
Comment on attachment 305321 [details] Patch This looks great to me. r=me.
John Wilander
Comment 4 2017-03-24 16:42:44 PDT
Comment on attachment 305321 [details] Patch Thanks, Brent!
Alexey Proskuryakov
Comment 5 2017-03-24 16:48:51 PDT
Comment on attachment 305321 [details] Patch Shouldn't we remove the ifdef from WebProcess.sb too? There are still loads that occur in WebContent.
John Wilander
Comment 6 2017-03-24 16:57:30 PDT
I do not have a test case that requires a WebProcess.sb changes to pass. My failing test only needed the change in this patch. I'm happy to revisit.
Brent Fulgham
Comment 7 2017-03-24 17:03:12 PDT
(In reply to Alexey Proskuryakov from comment #5) > Comment on attachment 305321 [details] > Patch > > Shouldn't we remove the ifdef from WebProcess.sb too? There are still loads > that occur in WebContent. We believe the loads in WebContent are doing the right thing using the updated APIs, and so we want to keep them. If we discover evidence that we need to weaken WebProcess, too, we can do so once we have data indicating it is actually needed.
WebKit Commit Bot
Comment 8 2017-03-24 17:12:58 PDT
Comment on attachment 305321 [details] Patch Clearing flags on attachment: 305321 Committed r214389: <http://trac.webkit.org/changeset/214389>
WebKit Commit Bot
Comment 9 2017-03-24 17:13:02 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 10 2017-03-24 19:07:44 PDT
There was no evidence that the original change was safe, and I don't see any evidence presented that it's safe to keep in WebProcess. What did you test to see client certificate authentication work in WebProcess?
Alexey Proskuryakov
Comment 11 2017-03-24 19:11:21 PDT
Resource loading has always required identical sandbox rules in WebContent and Networking processes, so it's quite unlikely that this case is different.
Alexey Proskuryakov
Comment 12 2017-03-24 19:45:02 PDT
The reason why I'm re-opening this bug and not just filing a new one is that I do believe that the above invariant is important, so we should either restore it right away, or positively prove that it's not required any more.
Brent Fulgham
Comment 13 2017-03-24 22:40:50 PDT
That is certainly important information. It's a shame no one on the architecture team ever bothered to document this anywhere! Can you share which aspects of loading must be kept the same between the two processes? Certainly there are many more exceptions in WebProcess than NetworkProcess. Are any of them running afoul of this invariant,too? John: Can you please provide a supplemental patch to support this undocumented invariant, and please add a comment somewhere so that we remember to keep these in sync in the future?
John Wilander
Comment 14 2017-03-25 10:31:04 PDT
Created attachment 305382 [details] Patch
John Wilander
Comment 15 2017-03-25 10:33:32 PDT
My patch reverts the version check instead of doing an exact match with the network process sandbox. I don't want to change pre-existing sandbox behavior before we get client certificate authentication working again.
Brent Fulgham
Comment 16 2017-03-25 13:21:32 PDT
Comment on attachment 305382 [details] Patch R=me
WebKit Commit Bot
Comment 17 2017-03-25 14:19:57 PDT
Comment on attachment 305382 [details] Patch Clearing flags on attachment: 305382 Committed r214404: <http://trac.webkit.org/changeset/214404>
WebKit Commit Bot
Comment 18 2017-03-25 14:20:00 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.