Bug 225661 - [macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encountered
Summary: [macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encou...
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-05-11 10:33 PDT by Brent Fulgham
Modified: 2021-05-21 10:22 PDT (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2021-05-11 10:33:21 PDT 
We could improve our sandbox slightly by only extending access to 'com.apple.print.normalizerd' when we encounter EPS content. It's not used in other content, and these files are fairly uncommon.
Comment 1 Radar WebKit Bug Importer 2021-05-11 10:33:43 PDT 
<rdar://problem/77853004>
Comment 2 Alexey Proskuryakov 2021-05-11 10:58:12 PDT 
When an attacker has code execution already, isn't it up to them to decide what to tell UI process about content type? This would seem like a trivially minor nuisance to the attacker to bypass.