RESOLVED FIXED 135134
Correct sandbox profiles to fix some excess privileges
https://bugs.webkit.org/show_bug.cgi?id=135134
Summary Correct sandbox profiles to fix some excess privileges
Oliver Hunt
Reported 2014-07-21 16:41:56 PDT
Correct sandbox profiles to fix some excess privileges
Attachments
Patch (6.05 KB, patch)
2014-07-21 16:50 PDT, Oliver Hunt
ap: review+
ap: commit-queue-
Oliver Hunt
Comment 1 2014-07-21 16:50:06 PDT
Alexey Proskuryakov
Comment 2 2014-07-21 17:05:58 PDT
Comment on attachment 235253 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=235253&action=review > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:32 > +(allow file-read* file-write* (require-any ( > + extension "com.apple.app-sandbox.read-write") (extension "com.apple.app-sandbox.read-write"))) This is nonsense - com.apple.app-sandbox.read-write is repeated twice. Please fix. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:40 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) I think that com.apple.webkit.read-write is here by some misunderstanding. Please remove, or at the very least, please add a FIXME about removing it. > Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:74 > + (require-any (extension "com.apple.webkit.read-write") (extension "com.apple.app-sandbox.read-write")) Ditto.
Oliver Hunt
Comment 3 2014-07-21 17:11:05 PDT
Darin Adler
Comment 4 2014-07-21 17:17:57 PDT
(In reply to comment #3) > Committed r171322: <http://trac.webkit.org/changeset/171322> This contained the string “webkti” in a couple places.
Note You need to log in before you can comment on or make changes to this bug.