Bug 276193

Summary:	Add validation to file-backed blobs from WebContent
Product:	WebKit	Reporter:	pascoe <pascoe>
Component:	WebKit Misc.	Assignee:	pascoe <pascoe>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:	278656
Bug Blocks:

pascoe@apple.com

Reported 2024-07-03 13:15:13 PDT

WebContent processes shouldn't be able to register arbitrary paths to attempt access via a network process. This bug is to add validation to file-backed-blobs in the network process to confirm the web content process that requested their creation has permissions to access that given path.

Attachments
Add attachment proposed patch, testcase, etc.

pascoe@apple.com

Comment 1 2024-07-03 13:15:25 PDT

rdar://80200949

pascoe@apple.com

Comment 2 2024-07-03 13:36:57 PDT

Pull request: https://github.com/WebKit/WebKit/pull/30459

EWS

Comment 3 2024-08-07 16:14:34 PDT

Committed 281966@main (9febfdbe1756): <https://commits.webkit.org/281966@main> Reviewed commits have been landed. Closing PR #30459 and removing active labels.

EWS

Comment 4 2024-08-12 14:23:24 PDT

Committed 280938.221@safari-7619-branch (8c50cdf756c5): <https://commits.webkit.org/280938.221@safari-7619-branch> Reviewed commits have been landed. Closing PR #1583 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.