Bug 221611 - [macOS] Deny mach-lookup to the service 'com.apple.trustd.agent'
Summary: [macOS] Deny mach-lookup to the service 'com.apple.trustd.agent'
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-02-09 08:58 PST by Per Arne Vollan
Modified: 2021-02-09 10:03 PST (History)
2 users (show)

See Also:


Attachments
Patch (1.65 KB, patch)
2021-02-09 09:00 PST, Per Arne Vollan
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2021-02-09 08:58:51 PST
Deny mach-lookup to the service 'com.apple.trustd.agent' in the WebContent process on macOS.
Comment 1 Per Arne Vollan 2021-02-09 08:59:09 PST
<rdar://68935818>
Comment 2 Per Arne Vollan 2021-02-09 09:00:37 PST
Created attachment 419729 [details]
Patch
Comment 3 Brent Fulgham 2021-02-09 09:57:07 PST
Comment on attachment 419729 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=419729&action=review

r=me

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-1090
> -    (global-name "com.apple.trustd.agent")

Do we need to allow this for older OS'es? Or is the dynamic extension used on all shipping platforms?
Comment 4 Per Arne Vollan 2021-02-09 09:59:56 PST
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 419729 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=419729&action=review
> 
> r=me
> 
> > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-1090
> > -    (global-name "com.apple.trustd.agent")
> 
> Do we need to allow this for older OS'es? Or is the dynamic extension used
> on all shipping platforms?

Yes, the dynamic extension should be in place for older OS'es as well.

Thanks for reviewing!
Comment 5 EWS 2021-02-09 10:03:34 PST
Committed r272585: <https://commits.webkit.org/r272585>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 419729 [details].