RESOLVED FIXED 142987
[Seccomp] Further improvements to default web process policy
https://bugs.webkit.org/show_bug.cgi?id=142987
Summary [Seccomp] Further improvements to default web process policy
Michael Catanzaro
Reported 2015-03-23 15:06:27 PDT
Further improvements to default web process policy
Attachments
[Linux] Improvements to SyscallPolicy (7.98 KB, patch)
2015-03-23 15:19 PDT, Michael Catanzaro
no flags
Patch (7.92 KB, patch)
2015-07-28 14:18 PDT, Michael Catanzaro
zan: review+
Michael Catanzaro
Comment 1 2015-03-23 15:19:11 PDT
Created attachment 249284 [details] [Linux] Improvements to SyscallPolicy
Michael Catanzaro
Comment 2 2015-07-28 14:17:40 PDT
OK Zan, last bug for now!
Michael Catanzaro
Comment 3 2015-07-28 14:18:59 PDT
Zan Dobersek
Comment 4 2015-07-29 03:27:22 PDT
Comment on attachment 257685 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=257685&action=review > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:264 > + char* gstreamerPluginDirectory = getenv("GST_PLUGIN_PATH_1_0"); > + if (gstreamerPluginDirectory) > + addDirectoryPermission(gstreamerPluginDirectory, Read); > + char* gstreamerRegistryFile = getenv("GST_REGISTRY_1_0"); > + if (gstreamerRegistryFile) > + addFilePermission(gstreamerRegistryFile, ReadAndWrite); Consider if (char* envVariable = getenv("name")) addFilePermission(envVariable, ...);
Michael Catanzaro
Comment 5 2015-07-29 08:37:11 PDT
OK. Is that new in C++11, or have you always been able to do that? I saw it for the first time last year and keep forgetting that it's possible.
Michael Catanzaro
Comment 6 2015-07-29 08:53:55 PDT
Zan Dobersek
Comment 7 2015-07-29 13:16:12 PDT
(In reply to comment #5) > OK. Is that new in C++11, or have you always been able to do that? I saw it > for the first time last year and keep forgetting that it's possible. It's older than C++11. Not sure about 'always'.
Note You need to log in before you can comment on or make changes to this bug.