RESOLVED FIXED 225370
[Cocoa] Remove access to the unused 'nvram' system command
https://bugs.webkit.org/show_bug.cgi?id=225370
Brent Fulgham
Reported 2021-05-04 16:05:17 PDT
Deny access to 'nvram' in the WebKit sandboxes. No API surface interacts with this low-level feature, and other system sandboxes already deny it. It should not have been possible to reach nvram, but there's no reason to allow the sandbox to access it.
<rdar://problem/66583129>
Attachments
Patch (5.51 KB, patch)
2021-05-04 16:07 PDT, Brent Fulgham
no flags
Brent Fulgham
Comment 1 2021-05-04 16:07:49 PDT
Brent Fulgham
Comment 2 2021-05-04 16:35:13 PDT
Confirmed proper function on iOS device and macOS. Waiting for EWS to show any other impact on downlevel platforms.
Per Arne Vollan
Comment 3 2021-05-05 10:02:15 PDT
Comment on attachment 427709 (Patch)
R=me.
EWS
Comment 4 2021-05-05 11:43:32 PDT
Committed r277032 (237345@main): <https://commits.webkit.org/237345@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 427709.
Radar WebKit Bug Importer
Comment 5 2021-05-05 11:44:16 PDT