214825 – Remember to check entitlement before communicating over XPC

RESOLVED FIXED214825

Remember to check entitlement before communicating over XPC

https://bugs.webkit.org/show_bug.cgi?id=214825

Summary Remember to check entitlement before communicating over XPC

Per Arne Vollan

Reported 2020-07-27 06:47:07 PDT

Remember to check entitlement before communicating over XPC with another WebKit process. This needs to be done to make sure that it really is a WebKit process on the other end.

Attachments
Patch (2.81 KB, patch) 2020-07-27 06:52 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (3.66 KB, patch) 2020-07-28 09:36 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (4.34 KB, patch) 2020-07-28 14:01 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (5.93 KB, patch) 2020-07-29 06:27 PDT, Per Arne Vollan	bfulgham: review+	Details Formatted Diff Diff
Patch (6.01 KB, patch) 2020-07-30 07:22 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Per Arne Vollan

Comment 1 2020-07-27 06:52:54 PDT

Created attachment 405271 [details] Patch

Per Arne Vollan

Comment 2 2020-07-28 09:36:53 PDT

Created attachment 405366 [details] Patch

Per Arne Vollan

Comment 3 2020-07-28 09:37:14 PDT

Thanks for reviewing!

Per Arne Vollan

Comment 4 2020-07-28 14:01:33 PDT

Created attachment 405410 [details] Patch

Per Arne Vollan

Comment 5 2020-07-29 06:27:30 PDT

Created attachment 405453 [details] Patch

Brent Fulgham

Comment 6 2020-07-29 08:33:13 PDT

Comment on attachment 405453 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=405453&action=review R=me > Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:47 > + WTFLogAlways("Audit token does not have required entitlement"); Should we just say what entitlement in the error message?

Per Arne Vollan

Comment 7 2020-07-30 07:22:59 PDT

Created attachment 405569 [details] Patch

Per Arne Vollan

Comment 8 2020-07-30 07:23:28 PDT

(In reply to Brent Fulgham from comment #6) > Comment on attachment 405453 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=405453&action=review > > R=me > > > Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:47 > > + WTFLogAlways("Audit token does not have required entitlement"); > > Should we just say what entitlement in the error message? Fixed. Thanks for reviewing!

EWS

Comment 9 2020-07-30 09:36:34 PDT

Committed r265087: <https://trac.webkit.org/changeset/265087> All reviewed patches have been landed. Closing bug and clearing flags on attachment 405569 [details].

Radar WebKit Bug Importer

Comment 10 2020-07-30 09:37:18 PDT

<rdar://problem/66331689>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Per Arne Vollan

Reported

2020-07-27 06:47 PDT

Modified

2020-07-30 09:37 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks