[webkit-reviews] review denied: [Bug 90005] [Qt][Linux][WK2] Putting QtWebProcess into a chrooted sandbox : [Attachment 177000] Proposed patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 21 15:29:34 PST 2013 

Anders Carlsson <andersca at apple.com> has denied Renata Hodovan
<reni at webkit.org>'s request for review:
Bug 90005: [Qt][Linux][WK2] Putting QtWebProcess into a chrooted sandbox
https://bugs.webkit.org/show_bug.cgi?id=90005

Attachment 177000: Proposed patch
https://bugs.webkit.org/attachment.cgi?id=177000&action=review

------- Additional Comments from Anders Carlsson <andersca at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=177000&action=review


Looks much better, only a couple of minor nits left to fix! ;)

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:52
> +enum { PathSize = 512 };

It's a little weird to use an enum here, can't you just use a const unsigned?
Also, globals should still start with a lowercase letter. I think a better name
would be maximumPathLength.

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:114
> +    if (lstat(sandboxDirectory, &sandboxDirectoryInfo) != -1) {
> +	   if (!S_ISDIR(sandboxDirectoryInfo.st_mode)) {
> +	       fprintf(stderr, "%s is not a directory!\n", sandboxDirectory);
> +	       return;
> +	   }
> +    } else {
> +	   fprintf(stderr, "Sandbox directory (%s) is not available: %s.\n",
sandboxDirectory, strerror(errno));
> +	   return;
> +    }

I think this would look better as checking if lstat returns -1 and returning
early, and then checking the ISDIR flag.

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:150
> +    if (setenv(SANDBOX_HELPER_PID, sandboxHelperPID , 1) == -1) {

Extra space before the comma.

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:170
> +    return true;

I think there should be an extra newline before this return statement.

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:221
> +	   if (cap_set_flag(capabilities, CAP_EFFECTIVE, length,
capabilityList, CAP_SET)
> +	       || cap_set_flag(capabilities, CAP_INHERITABLE, length,
capabilityList, CAP_SET)
> +	       || cap_set_flag(capabilities, CAP_PERMITTED, length,
capabilityList, CAP_SET) == -1) {

I think you need to check each cap_set_flag value for -1 here.

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:313
> +static bool createDirectoryChain(const char* path)

I think this could use a comment detailing what it does.

> Source/WebKit2/Shared/linux/SandboxProcess/SandboxEnvironmentLinux.cpp:655
> +    appendDirectoryComponent(localDirectory, home, "/.local/share/Nokia/");
> +    appendDirectoryComponent(cacheDirectory, home, "/.cache/Nokia/");

Nokia?

More information about the webkit-reviews mailing list