120182 – Need to disable FakeSYSVSHM when sandboxing is not enabled

Bug 120182 - Need to disable FakeSYSVSHM when sandboxing is not enabled

Summary: Need to disable FakeSYSVSHM when sandboxing is not enabled

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac Unspecified

Importance:	P1 Critical
Assignee:	Simon Cooper

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2013-08-22 17:07 PDT by Simon Cooper
Modified:	2013-08-22 21:38 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (1.74 KB, patch) 2013-08-22 17:13 PDT, Simon Cooper	no flags	Details \| Formatted Diff \| Diff
Patch (2.03 KB, patch) 2013-08-22 17:52 PDT, Simon Cooper	no flags	Details \| Formatted Diff \| Diff
Patch (2.04 KB, patch) 2013-08-22 20:05 PDT, Simon Cooper	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Simon Cooper 2013-08-22 17:07:17 PDT

Need to disable FakeSYSVSHM when sandboxing is not enabled

Comment 1 Simon Cooper 2013-08-22 17:13:38 PDT

Created attachment 209408 [details]
Patch

Comment 2 Simon Cooper 2013-08-22 17:20:01 PDT

To test this,

a) Visit Youtube.com (make sure you are not in the HTML5 beta, so that you get flash)

b) use activity monitor to verify the flash player is sandboxed

c) use "sudo ipcs" to see if there are any shared memory segments registered
   (there should not be any -- specific none with the key "0x53414e44")

d) Go to Safari -> Preferences -> Security -> Manage Webite Settings.  Allow the Flash Player to "Run in Unsafe Mode" for Youtube.com.

e) Refresh the page

f) use activity monitor to see that there is now a flash player that is unsandboxed
   (note, you may also see a sandboxed player if you did not stop / start Safari)

g) use "sudo ipcs" to see that there is now a shared memory segment registered using the key "0x53414e44".

Comment 3 Build Bot 2013-08-22 17:27:24 PDT

Comment on attachment 209408 [details]
Patch

Attachment 209408 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1523745

Comment 4 Build Bot 2013-08-22 17:36:30 PDT

Comment on attachment 209408 [details]
Patch

Attachment 209408 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/1526472

Comment 5 Simon Cooper 2013-08-22 17:52:45 PDT

Created attachment 209413 [details]
Patch

Comment 6 Simon Cooper 2013-08-22 17:56:44 PDT

Because this uses header information not available on the open source builders I’ve had to guard and include the specific pieces that are necessary.

The updated patch will work on both internal and external builders (and create the same result).

Comment 7 Build Bot 2013-08-22 18:19:37 PDT

Comment on attachment 209413 [details]
Patch

Attachment 209413 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/1546130

Comment 8 Build Bot 2013-08-22 18:34:29 PDT

Comment on attachment 209413 [details]
Patch

Attachment 209413 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/1555092

Comment 9 Simon Cooper 2013-08-22 20:05:08 PDT

Created attachment 209426 [details]
Patch

Comment 10 Simon Cooper 2013-08-22 20:08:13 PDT

The file is Objective-C++ but sandbox_check() is a C function, so need to declare it correctly for the open source webkit builders.

Comment 11 WebKit Commit Bot 2013-08-22 21:38:51 PDT

Comment on attachment 209426 [details]
Patch

Clearing flags on attachment: 209426

Committed r154473: <http://trac.webkit.org/changeset/154473>

Comment 12 WebKit Commit Bot 2013-08-22 21:38:53 PDT

All reviewed patches have been landed.  Closing bug.