225661 – [macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encountered

RESOLVED WONTFIX 225661

[macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encountered

https://bugs.webkit.org/show_bug.cgi?id=225661

Summary [macOS] Only extend access to 'com.apple.print.normalizerd' when EPS is encou...

Brent Fulgham

Reported 2021-05-11 10:33:21 PDT

We could improve our sandbox slightly by only extending access to 'com.apple.print.normalizerd' when we encounter EPS content. It's not used in other content, and these files are fairly uncommon.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2021-05-11 10:33:43 PDT

<rdar://problem/77853004>

Alexey Proskuryakov

Comment 2 2021-05-11 10:58:12 PDT

When an attacker has code execution already, isn't it up to them to decide what to tell UI process about content type? This would seem like a trivially minor nuisance to the attacker to bypass.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Nobody

Reported

2021-05-11 10:33 PDT

Modified

2021-05-21 10:22 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks