Bug 221946

Summary: Remove unneeded sandbox access to some file paths
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: pvollan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=209938
Attachments:
Description Flags
Patch none

Brent Fulgham
Reported 2021-02-15 19:23:02 PST
The WebContent process sandbox has historically had access to variations of the /etc/passwd file. This access is not needed in the WebContent process, so we should remove it.
Attachments
Patch (2.10 KB, patch)
2021-02-15 19:28 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2021-02-15 19:25:50 PST
<rdar://problem/62865856>
Brent Fulgham
Comment 2 2021-02-15 19:28:26 PST
Created attachment 420417 [details] Patch
Per Arne Vollan
Comment 3 2021-02-15 19:48:53 PST
Comment on attachment 420417 [details] Patch R=me.
Brent Fulgham
Comment 4 2021-02-15 22:39:48 PST
It seems super unlikely that a media test would be affected by this change, it I’ll try to grab a backtrace before landing.
Brent Fulgham
Comment 5 2021-02-16 11:24:56 PST
The test failure is with the GPU Process, which was not touched by this patch. I'm retrying the test run.
EWS
Comment 6 2021-02-16 14:48:02 PST
Committed r272930: <https://commits.webkit.org/r272930> All reviewed patches have been landed. Closing bug and clearing flags on attachment 420417 [details].
Note You need to log in before you can comment on or make changes to this bug.