221946 – Remove unneeded sandbox access to some file paths

Bug 221946 - Remove unneeded sandbox access to some file paths

Summary: Remove unneeded sandbox access to some file paths

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-02-15 19:23 PST by Brent Fulgham
Modified:	2021-02-16 14:48 PST (History)
CC List:	1 user (show)

See Also:	209938

Attachments
Patch (2.10 KB, patch) 2021-02-15 19:28 PST, Brent Fulgham	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2021-02-15 19:23:02 PST

The WebContent process sandbox has historically had access to variations of the /etc/passwd file. This access is not needed in the WebContent process, so we should remove it.

Comment 1 Brent Fulgham 2021-02-15 19:25:50 PST

<rdar://problem/62865856>

Comment 2 Brent Fulgham 2021-02-15 19:28:26 PST

Created attachment 420417 [details]
Patch

Comment 3 Per Arne Vollan 2021-02-15 19:48:53 PST

Comment on attachment 420417 [details]
Patch

R=me.

Comment 4 Brent Fulgham 2021-02-15 22:39:48 PST

It seems super unlikely that a media test would be affected by this change,  it I’ll try to grab a backtrace before landing.

Comment 5 Brent Fulgham 2021-02-16 11:24:56 PST

The test failure is with the GPU Process, which was not touched by this patch. I'm retrying the test run.

Comment 6 EWS 2021-02-16 14:48:02 PST

Committed r272930: <https://commits.webkit.org/r272930>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 420417 [details].