214233 – REGRESSION (r261152): 10 blocks of critical sandboxing code disabled because they are guarded with HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)

RESOLVED FIXED 214233

REGRESSION (r261152): 10 blocks of critical sandboxing code disabled because they are guarded with HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)

https://bugs.webkit.org/show_bug.cgi?id=214233

Summary REGRESSION (r261152): 10 blocks of critical sandboxing code disabled because ...

Darin Adler

Reported 2020-07-12 07:57:11 PDT

The change in r261152 intended to remove no-longer-needed conditionals that are now always true on Cocoa platforms. However, when I made that change I accidentally left 9 blocks of code guarded by HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN) behind. So these were all disabled! These 9 blocks of code must either be: 1) enabled unconditionally 2) guarded by #HAVE(AUDIT_TOKEN) 3) guarded by ENABLE(SANDBOX_EXTENSIONS)

Attachments
Patch (10.86 KB, patch) 2020-07-12 08:04 PDT, Darin Adler	no flags	Details Formatted Diff Diff
Patch (11.44 KB, patch) 2020-07-12 08:39 PDT, Darin Adler	no flags	Details Formatted Diff Diff
Patch (11.44 KB, patch) 2020-07-12 08:50 PDT, Darin Adler	no flags	Details Formatted Diff Diff
Patch (12.11 KB, patch) 2020-07-12 09:07 PDT, Darin Adler	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Darin Adler

Comment 1 2020-07-12 08:04:12 PDT Comment hidden (obsolete)

Created attachment 404096 [details] Patch

Darin Adler

Comment 2 2020-07-12 08:04:55 PDT

Patch enables these code paths unconditionally. I’ll count on EWS to detect if I need to guard these with HAVE(AUDIO_TOKEN) or ENABLE(SANDBOX_EXTENSIONS).

Darin Adler

Comment 3 2020-07-12 08:21:45 PDT

To fix the WinCairo build I am working on a revised version that puts more code inside ENABLE(SANDBOX_EXTENSIONS).

Darin Adler

Comment 4 2020-07-12 08:39:44 PDT Comment hidden (obsolete)

Created attachment 404098 [details] Patch

Darin Adler

Comment 5 2020-07-12 08:50:01 PDT Comment hidden (obsolete)

Created attachment 404099 [details] Patch

Darin Adler

Comment 6 2020-07-12 09:07:47 PDT

Created attachment 404101 [details] Patch

Darin Adler

Comment 7 2020-07-12 09:59:42 PDT

Ended up adding a couple ENABLE(SANDBOX_EXTENSIONS) guards. Patch is ready for review now.

Per Arne Vollan

Comment 8 2020-07-12 11:27:08 PDT

Comment on attachment 404101 [details] Patch R=me

EWS

Comment 9 2020-07-12 11:53:57 PDT

Committed r264283: <https://trac.webkit.org/changeset/264283> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404101 [details].

Radar WebKit Bug Importer

Comment 10 2020-07-12 11:54:12 PDT

<rdar://problem/65439117>

Fujii Hironori

Comment 11 2020-07-13 00:13:39 PDT

WinCairo can't load local files since this change. Filed: Bug 214248 – [WinCairo][WK2] REGRESSION (r264283): Can't load file: URL

Darin Adler

Comment 12 2020-07-13 13:34:35 PDT

rdar://64219585

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Critical

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

Darin Adler

Reported

2020-07-12 07:57 PDT

Modified

2020-07-13 13:34 PDT History

CC List

9 users Show

URL

Keywords InRadar

Depends on

Blocks