RESOLVED FIXED 183275
Safari uses WebContent.Development when loading injected bundle embedded in its app bundle 
https://bugs.webkit.org/show_bug.cgi?id=183275
Summary Safari uses WebContent.Development when loading injected bundle embedded in i...
mitz
Reported 2018-03-01 22:52:09 PST
WebProcessProxy::shouldAllowNonValidInjectedCode checks whether the injected bundle is in /System, because everything coming from there shouldn’t commingle with non-valid code. But platforms apps may use injected bundles from outside /System (for example, Safari uses a bundle embedded in its app bundle for its website icon and snapshot fetching), and those should still not allow non-valid code. Patch forthcoming.
Attachments
Never allow non-valid injected code into a Web Content process serving a platform binary (2.89 KB, patch)
2018-03-01 23:03 PST, mitz 		thorton: review+
DetailsFormatted DiffDiff
Never allow non-valid injected code into a Web Content process serving a platform binary (3.41 KB, patch)
2018-03-01 23:44 PST, mitz 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2018-03-01 22:54:32 PST
*** Bug 183276 has been marked as a duplicate of this bug. ***
mitz
Comment 2 2018-03-01 23:02:07 PST
*** Bug 183276 has been marked as a duplicate of this bug. ***
mitz
Comment 3 2018-03-01 23:03:21 PST
Created attachment 334881 [details] Never allow non-valid injected code into a Web Content process serving a platform binary
mitz
Comment 4 2018-03-01 23:19:11 PST
Comment on attachment 334881 [details] Never allow non-valid injected code into a Web Content process serving a platform binary View in context: https://bugs.webkit.org/attachment.cgi?id=334881&action=review > Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm:59 > + static bool isPlatformBinary = [] { > + return SecTaskGetCodeSignStatus(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get()) & CS_PLATFORM_BINARY; > + }(); Tim pointed out the silliness in using a lambda here.
mitz
Comment 5 2018-03-01 23:44:00 PST
Created attachment 334883 [details] Never allow non-valid injected code into a Web Content process serving a platform binary
mitz
Comment 6 2018-03-02 00:21:06 PST
Fixed in <https://trac.webkit.org/r229168>.
Radar WebKit Bug Importer
Comment 7 2018-03-02 00:22:28 PST
<rdar://problem/38059174>
Note You need to log in before you can comment on or make changes to this bug.