223192 – Enforce subcommand filtering

RESOLVED FIXED 223192

Enforce subcommand filtering

https://bugs.webkit.org/show_bug.cgi?id=223192

Summary Enforce subcommand filtering

Per Arne Vollan

Reported 2021-03-15 10:31:18 PDT

Enforce subcommand filtering in the WebContent process' sandbox.

Attachments
Patch (7.43 KB, patch) 2021-03-15 10:37 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (8.32 KB, patch) 2021-03-15 10:43 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (8.65 KB, patch) 2021-03-15 11:38 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (8.55 KB, patch) 2021-03-15 12:31 PDT, Per Arne Vollan	bfulgham: review+	Details Formatted Diff Diff
Patch (8.70 KB, patch) 2021-03-15 13:06 PDT, Per Arne Vollan	bfulgham: review- bfulgham: commit-queue-	Details Formatted Diff Diff
Patch (8.70 KB, patch) 2021-03-15 13:19 PDT, Per Arne Vollan	bfulgham: review+	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Per Arne Vollan

Comment 1 2021-03-15 10:31:47 PDT

<rdar://75434409>

Per Arne Vollan

Comment 2 2021-03-15 10:37:02 PDT

Created attachment 423195 [details] Patch

Per Arne Vollan

Comment 3 2021-03-15 10:43:33 PDT

Created attachment 423197 [details] Patch

Brent Fulgham

Comment 4 2021-03-15 10:56:50 PDT

Comment on attachment 423197 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423197&action=review r=me > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:1549 > + (allow file-ioctl (literal "/dev/dtracehelper")) Whoops!

Per Arne Vollan

Comment 5 2021-03-15 11:38:32 PDT

Created attachment 423208 [details] Patch

Per Arne Vollan

Comment 6 2021-03-15 12:31:51 PDT

Created attachment 423219 [details] Patch

Brent Fulgham

Comment 7 2021-03-15 12:49:32 PDT

Comment on attachment 423219 [details] Patch r=me

Per Arne Vollan

Comment 8 2021-03-15 13:06:16 PDT

Created attachment 423227 [details] Patch

Brent Fulgham

Comment 9 2021-03-15 13:13:17 PDT

Comment on attachment 423227 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423227&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:1356 > + (fcntl-command F_OFD_SETLK) Need to close this clause: )

Per Arne Vollan

Comment 10 2021-03-15 13:19:29 PDT

Created attachment 423229 [details] Patch

Per Arne Vollan

Comment 11 2021-03-15 13:20:34 PDT

(In reply to Brent Fulgham from comment #9) > Comment on attachment 423227 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=423227&action=review > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:1356 > > + (fcntl-command F_OFD_SETLK) > > Need to close this clause: ) Done. Thanks for reviewing!

Brent Fulgham

Comment 12 2021-03-15 13:29:12 PDT

Comment on attachment 423229 [details] Patch r=me

Per Arne Vollan

Comment 13 2021-03-15 14:23:39 PDT

Landed <https://trac.webkit.org/changeset/274439/webkit>.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Per Arne Vollan

Reported

2021-03-15 10:31 PDT

Modified

2021-03-15 14:23 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks