Bug 225661

Summary: [macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encountered
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: ap, bfulgham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=225623

Description Brent Fulgham 2021-05-11 10:33:21 PDT 
We could improve our sandbox slightly by only extending access to 'com.apple.print.normalizerd' when we encounter EPS content. It's not used in other content, and these files are fairly uncommon.
Comment 1 Radar WebKit Bug Importer 2021-05-11 10:33:43 PDT 
<rdar://problem/77853004>
Comment 2 Alexey Proskuryakov 2021-05-11 10:58:12 PDT 
When an attacker has code execution already, isn't it up to them to decide what to tell UI process about content type? This would seem like a trivially minor nuisance to the attacker to bypass.