Bug 156668 - [Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: mitz
URL:
Keywords: InRadar
Depends on:
Blocks: 173424
Reported: 2016-04-16 14:30 PDT by mitz
Modified: 2017-06-15 10:45 PDT

Attachments
Enable library validation when needed (2.24 KB, patch)
2016-04-16 14:34 PDT, mitz
andersca: review+
Enable library validation when needed (2.41 KB, patch)
2016-06-13 20:34 PDT, mitz
no flags
Enable library validation for El Capitan too (1.86 KB, patch)
2016-08-20 12:53 PDT, mitz
sam: review+

Description mitz 2016-04-16 14:30:39 PDT
<rdar://problem/25429784>

When the changes for bug 155414 are in effect, the Web Content service is signed with a restricted entitlement but isn’t guarded against loading arbitrary dylibs.
Comment 1 mitz 2016-04-16 14:34:51 PDT
Created attachment 276563
Enable library validation when needed
Comment 2 mitz 2016-04-16 14:37:08 PDT
Fixed in <http://trac.webkit.org/r199628>.
Comment 3 mitz 2016-06-13 20:27:51 PDT
This was reverted in <http://trac.webkit.org/r200172>.
Comment 4 mitz 2016-06-13 20:31:23 PDT
Using <rdar://problem/26714558> to reenable in macOS Sierra and later.
Comment 5 mitz 2016-06-13 20:34:52 PDT
Created attachment 281230
Enable library validation when needed
Comment 6 mitz 2016-06-13 21:01:35 PDT
Committed <http://trac.webkit.org/r202024>.
Comment 7 mitz 2016-08-20 12:51:10 PDT
Can do this for El Capitan as well now.
Comment 8 mitz 2016-08-20 12:53:06 PDT
Created attachment 286544
Enable library validation for El Capitan too
Comment 9 mitz 2016-08-20 15:02:09 PDT
Committed <https://trac.webkit.org/r204682>.