[webkit-gtk] Web process sandbox

Sergio Villar Senin svillar at igalia.com
Thu Jan 8 01:24:49 PST 2015


On 07/01/15 18:46, Michael Catanzaro wrote:
> 
> * We need to discuss new API for applications to declare what paths on
> the filesystem their web extensions should be allowed to access. Either
> (a) the UI process should be able to declare paths that web extensions
> should have access to, or (b) web extensions themselves should be able
> to do so during initialization. (a) is appropriate for browsers that do
> not allow third-party web extensions (like Epiphany) or browsers that
> want to (severely) restrict the capabilities of third-party web
> extensions. (b) is probably the only practical approach for browsers
> with third-party web extensions, though it implies trust that the web
> extension is not malicious. Feedback is appreciated on [3], which
> implements (a), but I think we may want to do (b) instead.

If we want to use sandboxing my opinion is that we should be very active
in restricting the potential capabilities of web extensions. Perhaps we
could declare some fixed safe filesystem path that all of them should
use or something.

> * We need a way to disable the sandbox (before the web process is
> initialized), for testing purposes. That could be the form of API, say
> webkit_web_context_set_web_extension_sandbox_enabled(WebKitWebContext *,
> gboolean), but it'd probably be nicer to use an environment variable
> like WEBKIT_SANDBOX_DISABLE.

If that's for testing purposes only, it should likely be part of
WebCore's internals API.

BR