[webkit-reviews] review granted: [Bug 184991] We should cache the compiled sandbox profile in a data vault : [Attachment 343776] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 28 12:04:12 PDT 2018
Saam Barati <sbarati at apple.com> has granted Ben Richards
<benton_richards at apple.com>'s request for review:
Bug 184991: We should cache the compiled sandbox profile in a data vault
https://bugs.webkit.org/show_bug.cgi?id=184991
Attachment 343776: Patch
https://bugs.webkit.org/attachment.cgi?id=343776&action=review
--- Comment #89 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 343776
--> https://bugs.webkit.org/attachment.cgi?id=343776
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=343776&action=review
r=me
This patch looks good to me, but I think it's worth getting someone else's eyes
on it too.
Let's also discuss in person if we want to commit it now or hold off a bit.
> Source/WebKit/Shared/mac/ChildProcessMac.mm:240
> +static inline String sandboxParentDirectory()
Might be worth a comment saying we've already set the DIRHELPER_USER_DIR_SUFFIX
environment variable here. Or you could have a debug assert w/ getenv
> Source/WebKit/Shared/mac/ChildProcessMac.mm:301
> + constexpr size_t alphaNumRange = sizeof(alphaNum) - 1;
strlen here seems more intuitive.
> Source/WebKit/Shared/mac/ChildProcessMac.mm:302
> + String string;
This should use StringBuilder and return the builder.toString() at the end.
> Source/WebKit/Shared/mac/ChildProcessMac.mm:305
> + string.append(alphaNum[rand() % alphaNumRange]);
We should probably use WTF::randomNumber() here just for consictency.
> Source/WebKit/Shared/mac/ChildProcessMac.mm:335
> + if (errno == EEXIST) {
will this ever be EAGAIN?
> Source/WebKit/Shared/mac/ChildProcessMac.mm:355
> + FileSystem::makeAllDirectories(movedDirectory);
Maybe this should be part of the loop since this can fail?
> Source/WebKit/Shared/mac/ChildProcessMac.mm:364
> + FileSystem::deleteFile(file);
Should we verify it got deleted? Seems like a vulnerability if it doesn't
More information about the webkit-reviews
mailing list