Bug 200543

Summary: [Mac] Use the PID of the WebContent process when issuing local file read sandbox extensions
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, bfulgham, cdumez, cmarcelo, commit-queue, dbates, ews-watchlist, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 200772, 202012    
Bug Blocks: 206544    
Attachments:
Description Flags
Patch
none
Patch
none
Patch
bfulgham: review+, bfulgham: commit-queue-
Patch none

Per Arne Vollan
Reported 2019-08-08 11:23:01 PDT
When issuing local file read sandbox extensions, use the process identifier of the WebContent process.
Attachments
Patch (7.11 KB, patch)
2019-08-08 11:47 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.12 KB, patch)
2019-08-08 12:47 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (8.23 KB, patch)
2019-08-17 22:12 PDT, Per Arne Vollan 		bfulgham: review+
bfulgham: commit-queue-
DetailsFormatted DiffDiff
Patch (8.20 KB, patch)
2019-08-18 11:54 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2019-08-08 11:28:33 PDT
rdar://problem/49394015
Per Arne Vollan
Comment 2 2019-08-08 11:47:47 PDT
Created attachment 375829 [details] Patch
Brent Fulgham
Comment 3 2019-08-08 12:24:47 PDT
Comment on attachment 375829 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=375829&action=review Looks good. > Source/WebKit/ChangeLog:9 > + the WebContent process. Maybe it would be better phrased as: "Adopt SPI to issue a process-specific sandbox extension for local file read, passing it the process identifier of the WebContent process."
Per Arne Vollan
Comment 4 2019-08-08 12:43:12 PDT
(In reply to Brent Fulgham from comment #3) > Comment on attachment 375829 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=375829&action=review > > Looks good. > > > Source/WebKit/ChangeLog:9 > > + the WebContent process. > > Maybe it would be better phrased as: > > "Adopt SPI to issue a process-specific sandbox extension for local file > read, passing it the process identifier of the WebContent process." Thanks for reviewing! I will update the patch.
Per Arne Vollan
Comment 5 2019-08-08 12:47:19 PDT
Created attachment 375832 [details] Patch
WebKit Commit Bot
Comment 6 2019-08-08 13:32:48 PDT
Comment on attachment 375832 [details] Patch Clearing flags on attachment: 375832 Committed r248440: <https://trac.webkit.org/changeset/248440>
Per Arne Vollan
Comment 7 2019-08-17 22:12:41 PDT
Created attachment 376628 [details] Patch
Brent Fulgham
Comment 8 2019-08-18 08:28:18 PDT
Comment on attachment 376628 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=376628&action=review I think the log message should be changed, but otherwise this looks good. R=me. > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:357 > + WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data()); Thislog message could leak potentially private user data to our logs. Could you change it to one of the LOG_DEBUG macros, or perhaps just remove the path from the log file? it should be enough to log that a file extension could not be generated.
Per Arne Vollan
Comment 9 2019-08-18 11:54:43 PDT
Created attachment 376647 [details] Patch
Per Arne Vollan
Comment 10 2019-08-18 11:56:33 PDT
(In reply to Brent Fulgham from comment #8) > Comment on attachment 376628 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=376628&action=review > > I think the log message should be changed, but otherwise this looks good. > R=me. > > > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:357 > > + WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data()); > > Thislog message could leak potentially private user data to our logs. Could > you change it to one of the LOG_DEBUG macros, or perhaps just remove the > path from the log file? it should be enough to log that a file extension > could not be generated. Done. Thanks for reviewing!
WebKit Commit Bot
Comment 11 2019-08-18 12:38:13 PDT
Comment on attachment 376647 [details] Patch Clearing flags on attachment: 376647 Committed r248832: <https://trac.webkit.org/changeset/248832>
Note You need to log in before you can comment on or make changes to this bug.