233086 – [macOS] Block access to unused resources in the Networking process' sandbox

RESOLVED FIXED 233086

[macOS] Block access to unused resources in the Networking process' sandbox

https://bugs.webkit.org/show_bug.cgi?id=233086

Summary [macOS] Block access to unused resources in the Networking process' sandbox

Per Arne Vollan

Reported 2021-11-13 09:22:15 PST

Based on telemetry, block access to unused resources in the Networking process' sandbox on macOS.

Attachments
Patch (7.06 KB, patch) 2021-11-13 09:24 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (11.89 KB, patch) 2021-11-13 10:31 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (17.50 KB, patch) 2021-11-13 10:58 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.84 KB, patch) 2021-11-13 14:56 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.84 KB, patch) 2021-11-13 15:38 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.73 KB, patch) 2021-11-15 13:16 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (21.84 KB, patch) 2021-11-15 15:43 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (11.92 KB, patch) 2021-11-16 10:00 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (7.08 KB, patch) 2021-11-16 11:27 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (7.09 KB, patch) 2021-11-16 14:55 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (6.48 KB, patch) 2021-11-16 17:56 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (6.83 KB, patch) 2021-11-17 08:59 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (6.96 KB, patch) 2021-11-17 10:17 PST, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (21.75 KB, patch) 2021-11-17 12:18 PST, Per Arne Vollan	bfulgham: review+	Details Formatted Diff Diff
Patch (21.81 KB, patch) 2021-11-18 07:22 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (1.38 KB, patch) 2021-11-18 08:40 PST, Per Arne Vollan	no flags	Details Formatted Diff Diff
Show Obsolete (13) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2021-11-13 09:22:46 PST

<rdar://problem/85376544>

Per Arne Vollan

Comment 2 2021-11-13 09:24:42 PST

Created attachment 444140 [details] Patch

Per Arne Vollan

Comment 3 2021-11-13 10:31:51 PST

Created attachment 444142 [details] Patch

Per Arne Vollan

Comment 4 2021-11-13 10:58:25 PST

Created attachment 444144 [details] Patch

Per Arne Vollan

Comment 5 2021-11-13 14:56:13 PST

Created attachment 444151 [details] Patch

Per Arne Vollan

Comment 6 2021-11-13 15:38:39 PST

Created attachment 444155 [details] Patch

Per Arne Vollan

Comment 7 2021-11-15 13:16:00 PST

Created attachment 444300 [details] Patch

Per Arne Vollan

Comment 8 2021-11-15 15:43:03 PST

Created attachment 444312 [details] Patch

Per Arne Vollan

Comment 9 2021-11-16 10:00:51 PST

Created attachment 444404 [details] Patch

Per Arne Vollan

Comment 10 2021-11-16 11:27:03 PST

Created attachment 444416 [details] Patch

Per Arne Vollan

Comment 11 2021-11-16 14:55:22 PST

Created attachment 444439 [details] Patch

Per Arne Vollan

Comment 12 2021-11-16 17:56:25 PST

Created attachment 444461 [details] Patch

Per Arne Vollan

Comment 13 2021-11-17 08:59:49 PST

Created attachment 444529 [details] Patch

Per Arne Vollan

Comment 14 2021-11-17 10:17:32 PST

Created attachment 444532 [details] Patch

Per Arne Vollan

Comment 15 2021-11-17 12:18:11 PST

Created attachment 444548 [details] Patch

Brent Fulgham

Comment 16 2021-11-17 16:17:26 PST

Comment on attachment 444548 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=444548&action=review > Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:157 > +(deny sysctl*) (with telemetry) Is this syntax correct? shouldn't it be (deny sysctl* (with telemetry))

Per Arne Vollan

Comment 17 2021-11-17 18:06:18 PST

(In reply to Brent Fulgham from comment #16) > Comment on attachment 444548 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=444548&action=review > > > Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:157 > > +(deny sysctl*) (with telemetry) > > Is this syntax correct? shouldn't it be (deny sysctl* (with telemetry)) Ah, that's a very good point, will fix. Thanks for reviewing!

Brent Fulgham

Comment 18 2021-11-17 18:33:16 PST

Comment on attachment 444548 [details] Patch R=me, if you fix the syntax error.

Per Arne Vollan

Comment 19 2021-11-18 07:22:25 PST

Created attachment 444671 [details] Patch

EWS

Comment 20 2021-11-18 07:52:49 PST

Committed r286003 (244400@main): <https://commits.webkit.org/244400@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444671 [details].

Per Arne Vollan

Comment 21 2021-11-18 08:40:43 PST

Reopening to attach new patch.

Per Arne Vollan

Comment 22 2021-11-18 08:40:44 PST

Created attachment 444682 [details] Patch

Brent Fulgham

Comment 23 2021-11-18 09:14:57 PST

Comment on attachment 444682 [details] Patch r=me

Per Arne Vollan

Comment 24 2021-11-18 09:31:46 PST

Comment on attachment 444682 [details] Patch Thanks for reviewing!

EWS

Comment 25 2021-11-18 09:59:04 PST

Committed r286010 (244403@main): <https://commits.webkit.org/244403@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444682 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Per Arne Vollan

Reported

2021-11-13 09:22 PST

Modified

2021-11-18 09:59 PST History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks