RESOLVED FIXED Bug 230985
Make sandbox rules for debug syscalls stricter 
https://bugs.webkit.org/show_bug.cgi?id=230985
Summary Make sandbox rules for debug syscalls stricter
Per Arne Vollan
Reported 2021-09-29 14:19:11 PDT
Make sandbox rules for debug syscalls stricter in the WebContent process on macOS and iOS.
Attachments
Patch (4.80 KB, patch)
2021-09-29 14:24 PDT, Per Arne Vollan 		bfulgham: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (4.76 KB, patch)
2021-09-29 16:40 PDT, Per Arne Vollan 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (3.85 KB, patch)
2021-10-01 06:56 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2021-09-29 14:19:35 PDT
<rdar://49531420>
Per Arne Vollan
Comment 2 2021-09-29 14:24:23 PDT
Created attachment 439659 [details] Patch
Brent Fulgham
Comment 3 2021-09-29 14:37:46 PDT
Comment on attachment 439659 [details] Patch Nice! r=me
Per Arne Vollan
Comment 4 2021-09-29 15:54:13 PDT
Comment on attachment 439659 [details] Patch Thanks for reviewing!
Per Arne Vollan
Comment 5 2021-09-29 16:40:34 PDT
Created attachment 439680 [details] Patch
Per Arne Vollan
Comment 6 2021-10-01 06:56:47 PDT
Created attachment 439853 [details] Patch
EWS
Comment 7 2021-10-01 10:08:01 PDT
Committed r283375 (242383@main): <https://commits.webkit.org/242383@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 439853 [details].
Alexey Proskuryakov
Comment 8 2021-10-01 10:49:28 PDT
Comment on attachment 439853 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=439853&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1333 > +(with-filter (system-attribute apple-internal) What are the consequences of this? Will dtrace and Instruments still work with WebKit?
Per Arne Vollan
Comment 9 2021-10-01 13:59:55 PDT
(In reply to Alexey Proskuryakov from comment #8) > Comment on attachment 439853 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=439853&action=review > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:1333 > > +(with-filter (system-attribute apple-internal) > > What are the consequences of this? Will dtrace and Instruments still work > with WebKit? That is a good point. I will look into confirming that. Thanks for reviewing!
Note You need to log in before you can comment on or make changes to this bug.