[webkit-reviews] review granted: [Bug 186110] Add a sandbox profile for com.cisco.webex.plugin.gpc64 plugin : [Attachment 341799] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 1 16:34:53 PDT 2018
Brent Fulgham <bfulgham at webkit.org> has granted youenn fablet
<youennf at gmail.com>'s request for review:
Bug 186110: Add a sandbox profile for com.cisco.webex.plugin.gpc64 plugin
https://bugs.webkit.org/show_bug.cgi?id=186110
Attachment 341799: Patch
https://bugs.webkit.org/attachment.cgi?id=341799&action=review
--- Comment #11 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 341799
--> https://bugs.webkit.org/attachment.cgi?id=341799
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=341799&action=review
Looks much better! I think this is a good first cut. We can tighten it as we
work with it more.
> Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:531
> + (if (not (defined? 'allow-symlinks))
I just tested this locally and made sure existing plugins still hit this code
path, so that works properly.
>
Source/WebKit/Resources/PlugInSandboxProfiles/com.cisco.webex.plugin.gpc64.sb:4
1
> + (prefix "/private/tmp"))
It's a little scary to be granting global read/write to "/private/tmp". It
would be nice to tighten this up to a sub-folder if possible.
More information about the webkit-reviews
mailing list