189963 – [WPE][GTK] Fix file:// URI access in sandbox

RESOLVED INVALID 189963

[WPE][GTK] Fix file:// URI access in sandbox

https://bugs.webkit.org/show_bug.cgi?id=189963

Summary [WPE][GTK] Fix file:// URI access in sandbox

Patrick Griffis

Reported 2018-09-25 11:40:07 PDT

Currently `file://` URIs are all handled by the NetworkProcess which does not have filesystem access. Granting that access would defeat the purpose of the sandbox so this needs to be moved out of this process. One idea would be creating a new LocalFileProcess or such so it could work but doesn't compromise every websites NetworkProcess. This cannot be solved by simply mounting requested URIs dynamically at runtime as all `bwrap` permissions happen once at process creation and adding bind mounts later would require root permissions which is not ideal. We also cannot use the `document-portal` that flatpak uses because it does not handle directories yet and doesn't have any solid plans how to do so.

Attachments
Add attachment proposed patch, testcase, etc.

Patrick Griffis

Comment 1 2018-10-15 08:08:45 PDT

We've decided to trust the NetworkProcess for now and not sandbox it so this no longer applies.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2018-09-25 11:40 PDT

Modified

2018-10-15 08:08 PDT History

CC List

1 user Show

URL

Keywords

Depends on

Blocks

189956

Dependencies

tree graph