Bug 275690

Summary: [WPE][GTK] IPC socket should use SOCK_CLOEXEC on Linux
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTKAssignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, mcatanzaro
Priority: P2    
Version: Other   
Hardware: PC   
OS: Linux   

Michael Catanzaro
Reported 2024-06-20 08:41:17 PDT
Instead of creating the IPC socket without CLOEXEC and then setting it afterwards if requested, instead create the socket with CLOEXEC and unset it afterwards if not requested. This closes the race window where the socket may leak into a subprocess spawned by another thread (which seems unlikely, but you never know what applications will do). There is still a race if using a custom WPE backend with the libwpe process launching API (which is inadvisable, because this means no sandbox).
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2024-06-20 08:58:17 PDT
(In reply to Michael Catanzaro from comment #0) > There is still a race if using a custom WPE backend with the libwpe process > launching API (which is inadvisable, because this means no sandbox). Actually, the race is there for the client socket always regardless. But that's unavoidable since the client socket needs to be leaked to the subprocess.
Michael Catanzaro
Comment 2 2024-06-20 09:40:40 PDT
https://github.com/WebKit/WebKit/pull/30005
EWS
Comment 3 2024-07-11 06:45:34 PDT
Committed 280858@main (23af623a3a7e): <https://commits.webkit.org/280858@main> Reviewed commits have been landed. Closing PR #30005 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.