169306 – [Mac][iOS][WK2] Whitelist sysctl-read

RESOLVED FIXED 169306

[Mac][iOS][WK2] Whitelist sysctl-read

https://bugs.webkit.org/show_bug.cgi?id=169306

Summary [Mac][iOS][WK2] Whitelist sysctl-read

Brent Fulgham

Reported 2017-03-07 14:20:25 PST

We only have a small number of cases where we use sysctl in WebKit, and those cases are always in a read-only mode. Modify our sandboxes to limit 'sysctl' use to read-only, and whitelist that access for the very small number of cases we actually use: CTL_KERN, KERN_PROC. KERN_PROC_PID, # CTL_HW, HW_AVAILCPU CTL_HW, HW_NCPU hw.model kern.memorystatus_level

Attachments
Patch (7.05 KB, patch) 2017-03-07 14:22 PST, Brent Fulgham	no flags	Details Formatted Diff Diff
Patch (6.82 KB, patch) 2017-03-07 14:23 PST, Brent Fulgham	achristensen: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2017-03-07 14:20:43 PST

<rdar://problem/16371458>

Brent Fulgham

Comment 2 2017-03-07 14:22:24 PST

Created attachment 303724 [details] Patch

Brent Fulgham

Comment 3 2017-03-07 14:23:35 PST

Created attachment 303725 [details] Patch

Brent Fulgham

Comment 4 2017-03-07 14:53:20 PST

Committed r213544: <http://trac.webkit.org/changeset/213544>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS macOS 10.12

Product WebKit

Component WebKit2

Assignee

Brent Fulgham

Reported

2017-03-07 14:20 PST

Modified

2017-03-07 14:53 PST History

CC List

0 users

URL

Keywords InRadar

Depends on

Blocks