Bug 233086

Summary:

[macOS] Block access to unused resources in the Networking process' sandbox

Product:

WebKit

Reporter:

Per Arne Vollan <pvollan>

Component:

WebKit Misc.

Assignee:

Per Arne Vollan <pvollan>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, gavin.p, mazander, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	ews-feeder: commit-queue-
Patch	ews-feeder: commit-queue-
Patch	ews-feeder: commit-queue-
Patch	ews-feeder: commit-queue-
Patch	none
Patch	none
Patch	ews-feeder: commit-queue-
Patch	bfulgham: review+
Patch	none
Patch	none

Per Arne Vollan

Reported 2021-11-13 09:22:15 PST

Based on telemetry, block access to unused resources in the Networking process' sandbox on macOS.

Attachments
Patch (7.06 KB, patch) 2021-11-13 09:24 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (11.89 KB, patch) 2021-11-13 10:31 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (17.50 KB, patch) 2021-11-13 10:58 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.84 KB, patch) 2021-11-13 14:56 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.84 KB, patch) 2021-11-13 15:38 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.73 KB, patch) 2021-11-15 13:16 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.84 KB, patch) 2021-11-15 15:43 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (11.92 KB, patch) 2021-11-16 10:00 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (7.08 KB, patch) 2021-11-16 11:27 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (7.09 KB, patch) 2021-11-16 14:55 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (6.48 KB, patch) 2021-11-16 17:56 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (6.83 KB, patch) 2021-11-17 08:59 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (6.96 KB, patch) 2021-11-17 10:17 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (21.75 KB, patch) 2021-11-17 12:18 PST, Per Arne Vollan	bfulgham: review+	Details Formatted Diff Diff
Patch (21.81 KB, patch) 2021-11-18 07:22 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (1.38 KB, patch) 2021-11-18 08:40 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Show Obsolete (13) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2021-11-13 09:22:46 PST

<rdar://problem/85376544>

Per Arne Vollan

Comment 2 2021-11-13 09:24:42 PST

Created attachment 444140 [details] Patch

Per Arne Vollan

Comment 3 2021-11-13 10:31:51 PST

Created attachment 444142 [details] Patch

Per Arne Vollan

Comment 4 2021-11-13 10:58:25 PST

Created attachment 444144 [details] Patch

Per Arne Vollan

Comment 5 2021-11-13 14:56:13 PST

Created attachment 444151 [details] Patch

Per Arne Vollan

Comment 6 2021-11-13 15:38:39 PST

Created attachment 444155 [details] Patch

Per Arne Vollan

Comment 7 2021-11-15 13:16:00 PST

Created attachment 444300 [details] Patch

Per Arne Vollan

Comment 8 2021-11-15 15:43:03 PST

Created attachment 444312 [details] Patch

Per Arne Vollan

Comment 9 2021-11-16 10:00:51 PST

Created attachment 444404 [details] Patch

Per Arne Vollan

Comment 10 2021-11-16 11:27:03 PST

Created attachment 444416 [details] Patch

Per Arne Vollan

Comment 11 2021-11-16 14:55:22 PST

Created attachment 444439 [details] Patch

Per Arne Vollan

Comment 12 2021-11-16 17:56:25 PST

Created attachment 444461 [details] Patch

Per Arne Vollan

Comment 13 2021-11-17 08:59:49 PST

Created attachment 444529 [details] Patch

Per Arne Vollan

Comment 14 2021-11-17 10:17:32 PST

Created attachment 444532 [details] Patch

Per Arne Vollan

Comment 15 2021-11-17 12:18:11 PST

Created attachment 444548 [details] Patch

Brent Fulgham

Comment 16 2021-11-17 16:17:26 PST

Comment on attachment 444548 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=444548&action=review > Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:157 > +(deny sysctl*) (with telemetry) Is this syntax correct? shouldn't it be (deny sysctl* (with telemetry))

Per Arne Vollan

Comment 17 2021-11-17 18:06:18 PST

(In reply to Brent Fulgham from comment #16) > Comment on attachment 444548 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=444548&action=review > > > Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:157 > > +(deny sysctl*) (with telemetry) > > Is this syntax correct? shouldn't it be (deny sysctl* (with telemetry)) Ah, that's a very good point, will fix. Thanks for reviewing!

Brent Fulgham

Comment 18 2021-11-17 18:33:16 PST

Comment on attachment 444548 [details] Patch R=me, if you fix the syntax error.

Per Arne Vollan

Comment 19 2021-11-18 07:22:25 PST

Created attachment 444671 [details] Patch

EWS

Comment 20 2021-11-18 07:52:49 PST

Committed r286003 (244400@main): <https://commits.webkit.org/244400@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444671 [details].

Per Arne Vollan

Comment 21 2021-11-18 08:40:43 PST

Reopening to attach new patch.

Per Arne Vollan

Comment 22 2021-11-18 08:40:44 PST

Created attachment 444682 [details] Patch

Brent Fulgham

Comment 23 2021-11-18 09:14:57 PST

Comment on attachment 444682 [details] Patch r=me

Per Arne Vollan

Comment 24 2021-11-18 09:31:46 PST

Comment on attachment 444682 [details] Patch Thanks for reviewing!

EWS

Comment 25 2021-11-18 09:59:04 PST

Committed r286010 (244403@main): <https://commits.webkit.org/244403@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444682 [details].

Note You need to log in before you can comment on or make changes to this bug.