Bug 225661

Summary: [macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encountered
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: ap, bfulgham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=225623

Brent Fulgham
Reported 2021-05-11 10:33:21 PDT
We could improve our sandbox slightly by only extending access to 'com.apple.print.normalizerd' when we encounter EPS content. It's not used in other content, and these files are fairly uncommon.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-05-11 10:33:43 PDT
<rdar://problem/77853004>
Alexey Proskuryakov
Comment 2 2021-05-11 10:58:12 PDT
When an attacker has code execution already, isn't it up to them to decide what to tell UI process about content type? This would seem like a trivially minor nuisance to the attacker to bypass.
Note You need to log in before you can comment on or make changes to this bug.