WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
222148
Adopt com.apple.security.cs.jit-write-allowlist on internal builds
https://bugs.webkit.org/show_bug.cgi?id=222148
Summary
Adopt com.apple.security.cs.jit-write-allowlist on internal builds
Saam Barati
Reported
2021-02-18 17:38:33 PST
It'll prevent various pthread permissions switching APIs from working. But we can only do that on internal builds where we use the fast permission switching macro. We can't do it for open source builds, where we rely on the pthread API.
Attachments
WIP
(9.01 KB, patch)
2021-02-18 17:41 PST
,
Saam Barati
no flags
Details
Formatted Diff
Diff
work in progress.
(9.14 KB, patch)
2021-06-02 18:20 PDT
,
Mark Lam
no flags
Details
Formatted Diff
Diff
proposed patch.
(10.68 KB, patch)
2021-06-02 22:39 PDT
,
Mark Lam
no flags
Details
Formatted Diff
Diff
proposed patch.
(10.70 KB, patch)
2021-06-02 23:26 PDT
,
Mark Lam
pvollan
: review+
Details
Formatted Diff
Diff
proposed patch.
(10.70 KB, patch)
2021-06-16 15:23 PDT
,
Mark Lam
no flags
Details
Formatted Diff
Diff
Show Obsolete
(4)
View All
Add attachment
proposed patch, testcase, etc.
Saam Barati
Comment 1
2021-02-18 17:41:47 PST
Created
attachment 420890
[details]
WIP
Radar WebKit Bug Importer
Comment 2
2021-02-25 17:39:13 PST
<
rdar://problem/74769414
>
Mark Lam
Comment 3
2021-05-20 15:52:23 PDT
rdar://74284026
Mark Lam
Comment 4
2021-06-02 18:20:02 PDT
Created
attachment 430429
[details]
work in progress.
Mark Lam
Comment 5
2021-06-02 22:39:51 PDT
Created
attachment 430444
[details]
proposed patch.
Mark Lam
Comment 6
2021-06-02 23:26:58 PDT
Created
attachment 430446
[details]
proposed patch.
Per Arne Vollan
Comment 7
2021-06-03 11:14:25 PDT
Comment on
attachment 430446
[details]
proposed patch. R=me. Would it be sufficient to only add the entitlement to the WebContent XPC service?
Mark Lam
Comment 8
2021-06-03 11:29:43 PDT
(In reply to Per Arne Vollan from
comment #7
)
> Comment on
attachment 430446
[details]
> proposed patch. > > R=me. Would it be sufficient to only add the entitlement to the WebContent > XPC service?
Thanks. For our purpose, the goal of the entitlement isn't to gain access to something. Instead, by adopting the entitlement, we disable access to various pthread permissions switching APIs. Hence, we do want to add this entitlement to all processes because we want to disable those APIs on all processes.
Mark Lam
Comment 9
2021-06-16 15:23:57 PDT
Created
attachment 431613
[details]
proposed patch.
Per Arne Vollan
Comment 10
2021-06-16 15:43:53 PDT
Comment on
attachment 431613
[details]
proposed patch. R=me.
EWS
Comment 11
2021-06-16 16:37:08 PDT
Committed
r278966
(
238893@main
): <
https://commits.webkit.org/238893@main
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 431613
[details]
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug