223192 – Enforce subcommand filtering

Bug 223192 - Enforce subcommand filtering

Summary: Enforce subcommand filtering

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Per Arne Vollan

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-03-15 10:31 PDT by Per Arne Vollan
Modified:	2021-03-15 14:23 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Patch (7.43 KB, patch) 2021-03-15 10:37 PDT, Per Arne Vollan	no flags	Details \| Formatted Diff \| Diff
Patch (8.32 KB, patch) 2021-03-15 10:43 PDT, Per Arne Vollan	no flags	Details \| Formatted Diff \| Diff
Patch (8.65 KB, patch) 2021-03-15 11:38 PDT, Per Arne Vollan	no flags	Details \| Formatted Diff \| Diff
Patch (8.55 KB, patch) 2021-03-15 12:31 PDT, Per Arne Vollan	bfulgham: review+	Details \| Formatted Diff \| Diff
Patch (8.70 KB, patch) 2021-03-15 13:06 PDT, Per Arne Vollan	bfulgham: review- bfulgham: commit-queue-	Details \| Formatted Diff \| Diff
Patch (8.70 KB, patch) 2021-03-15 13:19 PDT, Per Arne Vollan	bfulgham: review+	Details \| Formatted Diff \| Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Per Arne Vollan 2021-03-15 10:31:18 PDT

Enforce subcommand filtering in the WebContent process' sandbox.

Comment 1 Per Arne Vollan 2021-03-15 10:31:47 PDT

<rdar://75434409>

Comment 2 Per Arne Vollan 2021-03-15 10:37:02 PDT

Created attachment 423195 [details]
Patch

Comment 3 Per Arne Vollan 2021-03-15 10:43:33 PDT

Created attachment 423197 [details]
Patch

Comment 4 Brent Fulgham 2021-03-15 10:56:50 PDT

Comment on attachment 423197 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423197&action=review

r=me

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:1549
> +    (allow file-ioctl (literal "/dev/dtracehelper"))

Whoops!

Comment 5 Per Arne Vollan 2021-03-15 11:38:32 PDT

Created attachment 423208 [details]
Patch

Comment 6 Per Arne Vollan 2021-03-15 12:31:51 PDT

Created attachment 423219 [details]
Patch

Comment 7 Brent Fulgham 2021-03-15 12:49:32 PDT

Comment on attachment 423219 [details]
Patch

r=me

Comment 8 Per Arne Vollan 2021-03-15 13:06:16 PDT

Created attachment 423227 [details]
Patch

Comment 9 Brent Fulgham 2021-03-15 13:13:17 PDT

Comment on attachment 423227 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423227&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:1356
> +        (fcntl-command F_OFD_SETLK)

Need to close this clause: )

Comment 10 Per Arne Vollan 2021-03-15 13:19:29 PDT

Created attachment 423229 [details]
Patch

Comment 11 Per Arne Vollan 2021-03-15 13:20:34 PDT

(In reply to Brent Fulgham from comment #9)
> Comment on attachment 423227 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=423227&action=review
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:1356
> > +        (fcntl-command F_OFD_SETLK)
> 
> Need to close this clause: )

Done.

Thanks for reviewing!

Comment 12 Brent Fulgham 2021-03-15 13:29:12 PDT

Comment on attachment 423229 [details]
Patch

r=me

Comment 13 Per Arne Vollan 2021-03-15 14:23:39 PDT

Landed <https://trac.webkit.org/changeset/274439/webkit>.