[webkit-reviews] review denied: [Bug 90005] [WK2] Putting QtWebProcess into a chrooted sandbox : [Attachment 170358] Proposed patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 30 09:32:45 PDT 2012
Andreas Kling <kling at webkit.org> has denied Renata Hodovan <reni at webkit.org>'s
request for review:
Bug 90005: [WK2] Putting QtWebProcess into a chrooted sandbox
https://bugs.webkit.org/show_bug.cgi?id=90005
Attachment 170358: Proposed patch
https://bugs.webkit.org/attachment.cgi?id=170358&action=review
------- Additional Comments from Andreas Kling <kling at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=170358&action=review
> Source/WebKit2/Shared/linux/SandboxProcess/StringOperations.h:31
> +// Secure string operations.
> +bool stringCopy(char*, const char*, int);
> +bool stringCopy(char*, const char*, const int, int);
> +bool stringConcat(char*, const char*, const char*, int);
> +bool stringConcat(char*, const char*, const char*, const char*, int);
> +bool stringAppend(char*, const char*, int);
I don't see what's "secure" about these functions.
Please use the standard C library string functions instead.
You're already using memcpy() from string.h to implement them.
> Source/WebKit2/WebProcess/qt/WebProcessMainQt.cpp:72
> +#define SBX_D "SBX_D"
> +#define SBX_HELPER_PID "SBX_HELPER_PID"
> +
> +#define MSG_CHROOTME 'C'
> +#define MSG_CHROOTED 'O'
You probably want to put these in a common header file instead of copy-pasting
them across the codebase.
More information about the webkit-reviews
mailing list