Bug 225370

Summary: [Cocoa] Remove access to the unused 'nvram' system command
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, pvollan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Brent Fulgham
Reported 2021-05-04 16:05:17 PDT
Deny access to 'nvram' in the WebKit sandboxes. No API surface interacts with this low-level feature, and other system sandboxes already deny it. It should not have been possible to reach nvram, but there's no reason to allow the sandbox to access it. <rdar://problem/66583129>
Attachments
Patch (5.51 KB, patch)
2021-05-04 16:07 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2021-05-04 16:07:49 PDT
Created attachment 427709 [details] Patch
Brent Fulgham
Comment 2 2021-05-04 16:35:13 PDT
Confirmed proper function on iOS device and macOS. Waiting for EWS to show any other impact on downlevel platforms.
Per Arne Vollan
Comment 3 2021-05-05 10:02:15 PDT
Comment on attachment 427709 [details] Patch R=me.
EWS
Comment 4 2021-05-05 11:43:32 PDT
Committed r277032 (237345@main): <https://commits.webkit.org/237345@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427709 [details].
Radar WebKit Bug Importer
Comment 5 2021-05-05 11:44:16 PDT
<rdar://problem/77567746>
Note You need to log in before you can comment on or make changes to this bug.