Bug 53558: RESOLVED FIXED
Make WebProcess pass explicit homedir parameter to the sandbox
https://bugs.webkit.org/show_bug.cgi?id=53558
Ivan Krstić
Reported 2011-02-01 17:14:34 PST
Instead of relying on the implicit _HOME parameter for the sandbox, make WebProcess pass the parameter explicitly. This makes the sandbox behave correctly when the home directory path contains symlink elements.
Attachments
sandbox-homedir-path (5.74 KB, patch)
2011-02-01 17:24 PST, Ivan Krstić
mrowe: review-
sandbox-homedir-path-2 (5.75 KB, patch)
2011-02-01 18:07 PST, Ivan Krstić
mjs: review+
mjs: commit-queue+
Ivan Krstić
Comment 1 2011-02-01 17:24:33 PST
Created attachment 80859 sandbox-homedir-path
Maciej Stachowiak
Comment 2 2011-02-01 17:30:56 PST
Comment on attachment 80859 sandbox-homedir-path

r=me
Mark Rowe (bdash)
Comment 3 2011-02-01 17:34:46 PST
Comment on attachment 80859 sandbox-homedir-path
View in context: https://bugs.webkit.org/attachment.cgi?id=80859&action=review

> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:130
> + if (!realpath(getenv("HOME"), homeRealPath)) {

Why are we relying on the HOME environment variable rather than using NSHomeDirectory or lower level calls to retrieve the user’s home directory?
Maciej Stachowiak
Comment 4 2011-02-01 17:36:50 PST
Mark is right, please fix that.
Ivan Krstić
Comment 5 2011-02-01 18:07:09 PST
Created attachment 80866 sandbox-homedir-path-2
Adam Roben (:aroben)
Comment 6 2011-02-02 04:58:41 PST
Comment on attachment 80866 sandbox-homedir-path-2
View in context: https://bugs.webkit.org/attachment.cgi?id=80866&action=review

> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:130
> + if (!realpath([NSHomeDirectory() UTF8String], homeRealPath)) {

Isn't -fileSystemRepresentation more appropriate?

> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:142
> + "HOME_DIR", (const char*)homeRealPath,

I'm surprised this cast is necessary.
Ivan Krstić
Comment 7 2011-02-03 12:53:13 PST
Comment on attachment 80866 sandbox-homedir-path-2
View in context: https://bugs.webkit.org/attachment.cgi?id=80866&action=review

>> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:130
>
> Isn't -fileSystemRepresentation more appropriate?

Not really. -fileSystemRepresentation is generally meant for normalizing programmatically-constructed paths, or making sure that derived paths remain correct during cross-volume operations. This line does neither.

>> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:142
>> + "HOME_DIR", (const char*)homeRealPath,
>
> I'm surprised this cast is necessary.

It's not, but follows local style (see tmpRealPath, cacheRealPath below). We can eliminate all the casts in a separate patch if you'd like.
Maciej Stachowiak
Comment 8 2011-02-03 16:08:00 PST
Comment on attachment 80866 sandbox-homedir-path-2

r=me
WebKit Review Bot
Comment 9 2011-02-03 22:35:58 PST
Comment on attachment 80866 sandbox-homedir-path-2

Rejecting attachment 80866 from commit-queue.

ike@apple.com does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py.

- If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.
- If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
Ivan Krstić
Comment 10 2011-02-03 23:01:18 PST