Bug 185500

Summary: Drop-down Control borders missing
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebCore Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, bshafiei, commit-queue, dbates, jmarcell, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 193079    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Per Arne Vollan
Reported 2018-05-09 17:09:46 PDT
This can be seen when filing a bug on bugs.webkit.org.
Attachments
Patch (1.27 KB, patch)
2018-05-09 18:39 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (1.37 KB, patch)
2018-05-10 10:02 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (1.37 KB, patch)
2018-05-10 11:23 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2018-05-09 17:10:13 PDT
<rdar://problem/40093461>
Per Arne Vollan
Comment 2 2018-05-09 18:39:14 PDT
Created attachment 340058 [details] Patch
Alexey Proskuryakov
Comment 3 2018-05-09 19:39:43 PDT
Comment on attachment 340058 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=340058&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:643 > +(allow file-read-data (path-regex #"^/private/tmp/cv")) This looks super suspicious. Any process on the system can modify WebKit behavior by writing to this location? That can’t be right, and I don’t think that it’s ok to allow.
Per Arne Vollan
Comment 4 2018-05-09 21:09:36 PDT
(In reply to Alexey Proskuryakov from comment #3) > Comment on attachment 340058 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=340058&action=review > > > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:643 > > +(allow file-read-data (path-regex #"^/private/tmp/cv")) > > This looks super suspicious. Any process on the system can modify WebKit > behavior by writing to this location? That can’t be right, and I don’t think > that it’s ok to allow. This is intended as a temporary workaround until the underlying issue is fixed, but I do see your concern. Thanks for reviewing!
Brent Fulgham
Comment 5 2018-05-09 21:11:52 PDT
(In reply to Per Arne Vollan from comment #4) > (In reply to Alexey Proskuryakov from comment #3) > > Comment on attachment 340058 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=340058&action=review > > > > > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:643 > > > +(allow file-read-data (path-regex #"^/private/tmp/cv")) > > > > This looks super suspicious. Any process on the system can modify WebKit > > behavior by writing to this location? That can’t be right, and I don’t think > > that it’s ok to allow. > > This is intended as a temporary workaround until the underlying issue is > fixed, but I do see your concern. > > Thanks for reviewing! Yes, I agree with Alexey. I thought this sounded fine as a quick fix to allow someone to have proper function in a local build, but I don't think it's appropriate to land for general use. We need to help find and fix the underlying regression that is causing this widget drawing weirdness.
Per Arne Vollan
Comment 6 2018-05-09 21:23:37 PDT
(In reply to Brent Fulgham from comment #5) > (In reply to Per Arne Vollan from comment #4) > > (In reply to Alexey Proskuryakov from comment #3) > > > Comment on attachment 340058 [details] > > > Patch > > > > > > View in context: > > > https://bugs.webkit.org/attachment.cgi?id=340058&action=review > > > > > > > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:643 > > > > +(allow file-read-data (path-regex #"^/private/tmp/cv")) > > > > > > This looks super suspicious. Any process on the system can modify WebKit > > > behavior by writing to this location? That can’t be right, and I don’t think > > > that it’s ok to allow. > > > > This is intended as a temporary workaround until the underlying issue is > > fixed, but I do see your concern. > > > > Thanks for reviewing! > > Yes, I agree with Alexey. I thought this sounded fine as a quick fix to > allow someone to have proper function in a local build, but I don't think > it's appropriate to land for general use. > > We need to help find and fix the underlying regression that is causing this > widget drawing weirdness. Sounds good, thanks for reviewing!
Daniel Bates
Comment 7 2018-05-10 00:07:48 PDT
Comment on attachment 340058 [details] Patch r-‘ing per comment 3 and comment 5 and to get this patch out of the review and cq queues.
Per Arne Vollan
Comment 8 2018-05-10 10:02:01 PDT
Created attachment 340097 [details] Patch
Alexey Proskuryakov
Comment 9 2018-05-10 10:04:56 PDT
Comment on attachment 340097 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=340097&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:112 > + (allow file-read* file-write-unlink > + (extension "com.apple.cvms.kernel")) This seems to mean that a process with com.apple.cvms.kernel extension can read any files, and delete any files. > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:114 > + (allow file-read* file-write-unlink > + (prefix "/private/tmp/cvmsCodeSignObj")) Doesn't this have the same problem as the original patch?
Brent Fulgham
Comment 10 2018-05-10 10:43:25 PDT
Comment on attachment 340097 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=340097&action=review >> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:114 >> + (prefix "/private/tmp/cvmsCodeSignObj")) > > Doesn't this have the same problem as the original patch? Per Arne: Can you try this instead: (with-filter (extension "com.apple.cvms.kernel") (allow file-read* file-write-unlink (prefix "/private/tmp/cvmsCodeSignObj”)))
Per Arne Vollan
Comment 11 2018-05-10 11:23:44 PDT
Created attachment 340111 [details] Patch
Brent Fulgham
Comment 12 2018-05-10 12:12:49 PDT
Comment on attachment 340111 [details] Patch This version looks good, based on what we discussed with the sandboxing team. r=me
Per Arne Vollan
Comment 13 2018-05-10 12:15:20 PDT
Comment on attachment 340111 [details] Patch Thanks for reviewing, all!
WebKit Commit Bot
Comment 14 2018-05-10 12:38:10 PDT
Comment on attachment 340111 [details] Patch Clearing flags on attachment: 340111 Committed r231653: <https://trac.webkit.org/changeset/231653>
WebKit Commit Bot
Comment 15 2018-05-10 12:38:11 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.