RESOLVED FIXED 169306
[Mac][iOS][WK2] Whitelist sysctl-read
https://bugs.webkit.org/show_bug.cgi?id=169306
Summary [Mac][iOS][WK2] Whitelist sysctl-read
Brent Fulgham
Reported 2017-03-07 14:20:25 PST
We only have a small number of cases where we use sysctl in WebKit, and those cases are always in a read-only mode. Modify our sandboxes to limit 'sysctl' use to read-only, and whitelist that access for the very small number of cases we actually use: CTL_KERN, KERN_PROC. KERN_PROC_PID, # CTL_HW, HW_AVAILCPU CTL_HW, HW_NCPU hw.model kern.memorystatus_level
Attachments
Patch (7.05 KB, patch)
2017-03-07 14:22 PST, Brent Fulgham
no flags
Patch (6.82 KB, patch)
2017-03-07 14:23 PST, Brent Fulgham
achristensen: review+
Brent Fulgham
Comment 1 2017-03-07 14:20:43 PST
Brent Fulgham
Comment 2 2017-03-07 14:22:24 PST
Brent Fulgham
Comment 3 2017-03-07 14:23:35 PST
Brent Fulgham
Comment 4 2017-03-07 14:53:20 PST
Note You need to log in before you can comment on or make changes to this bug.