Bug 183275 - Safari uses WebContent.Development when loading injected bundle embedded in its app bundle
Summary: Safari uses WebContent.Development when loading injected bundle embedded in i...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Local Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
: 183276 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-03-01 22:52 PST by mitz
Modified: 2018-03-02 00:22 PST (History)
9 users (show)

See Also:


Attachments
Never allow non-valid injected code into a Web Content process serving a platform binary (2.89 KB, patch)
2018-03-01 23:03 PST, mitz
thorton: review+
Details | Formatted Diff | Diff
Never allow non-valid injected code into a Web Content process serving a platform binary (3.41 KB, patch)
2018-03-01 23:44 PST, mitz
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mitz 2018-03-01 22:52:09 PST
WebProcessProxy::shouldAllowNonValidInjectedCode checks whether the injected bundle is in /System, because everything coming from there shouldn’t commingle with non-valid code. But platforms apps may use injected bundles from outside /System (for example, Safari uses a bundle embedded in its app bundle for its website icon and snapshot fetching), and those should still not allow non-valid code.

Patch forthcoming.
Comment 1 Tim Horton 2018-03-01 22:54:32 PST
*** Bug 183276 has been marked as a duplicate of this bug. ***
Comment 2 mitz 2018-03-01 23:02:07 PST
*** Bug 183276 has been marked as a duplicate of this bug. ***
Comment 3 mitz 2018-03-01 23:03:21 PST
Created attachment 334881 [details]
Never allow non-valid injected code into a Web Content process serving a platform binary
Comment 4 mitz 2018-03-01 23:19:11 PST
Comment on attachment 334881 [details]
Never allow non-valid injected code into a Web Content process serving a platform binary

View in context: https://bugs.webkit.org/attachment.cgi?id=334881&action=review

> Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm:59
> +    static bool isPlatformBinary = [] {
> +        return SecTaskGetCodeSignStatus(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get()) & CS_PLATFORM_BINARY;
> +    }();

Tim pointed out the silliness in using a lambda here.
Comment 5 mitz 2018-03-01 23:44:00 PST
Created attachment 334883 [details]
Never allow non-valid injected code into a Web Content process serving a platform binary
Comment 6 mitz 2018-03-02 00:21:06 PST
Fixed in <https://trac.webkit.org/r229168>.
Comment 7 Radar WebKit Bug Importer 2018-03-02 00:22:28 PST
<rdar://problem/38059174>