Bug 231079 - Block access in sandbox to capability which is allowed by default
Summary: Block access in sandbox to capability which is allowed by default
Status: REOPENED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on: 231567
Blocks:
  Show dependency treegraph
 
Reported: 2021-10-01 07:40 PDT by Per Arne Vollan
Modified: 2021-10-12 02:46 PDT (History)
5 users (show)

See Also:

Attachments
Patch (1.65 KB, patch)
2021-10-01 07:42 PDT, Per Arne Vollan 		bfulgham: review+
Details | Formatted Diff | Diff
Patch (1.62 KB, patch)
2021-10-11 03:45 PDT, Per Arne Vollan 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2021-10-01 07:40:07 PDT 
Some capabilities are allowed by default, and needs to be explicitly denied in the sandbox.
Comment 1 Per Arne Vollan 2021-10-01 07:40:54 PDT 
<rdar://66586853>
Comment 2 Per Arne Vollan 2021-10-01 07:42:52 PDT 
Created attachment 439859 [details]
Patch
Comment 3 Brent Fulgham 2021-10-01 09:23:18 PDT 
Comment on attachment 439859 [details]
Patch

r=me
Comment 4 Per Arne Vollan 2021-10-11 03:40:49 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 439859 [details]
> Patch
> 
> r=me

I have tested this change locally, and it does not appear to introduce a regression related to JIT code generation.

Thanks for reviewing!
Comment 5 Per Arne Vollan 2021-10-11 03:45:54 PDT 
Created attachment 440772 [details]
Patch
Comment 6 EWS 2021-10-11 04:50:32 PDT 
Committed r283890 (242767@main): <https://commits.webkit.org/242767@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 440772 [details].
Comment 7 WebKit Commit Bot 2021-10-12 02:46:19 PDT 
Re-opened since this is blocked by bug 231567