[webkit-reviews] review granted: [Bug 200182] Allow more syscalls in the WebContent process' sandbox profile : [Attachment 374998] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 26 17:24:12 PDT 2019


Geoffrey Garen <ggaren at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 200182: Allow more syscalls in the WebContent process' sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=200182

Attachment 374998: Patch

https://bugs.webkit.org/attachment.cgi?id=374998&action=review




--- Comment #7 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 374998
  --> https://bugs.webkit.org/attachment.cgi?id=374998
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=374998&action=review

r=me

>>>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:945
>>>> +	      (syscall-number SYS_recvmsg)
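
Review bot: the added (syscall-number SYS_recvmsg) rule at com.apple.WebProcess.sb.in:945 has no comment saying why the WebContent process needs it. A short comment next to the rule pointing at bug 200182 would keep the reason with the allowance, which helps when the allowlist is next audited.
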
>>> 
>>> This one looks suspicious. Looking at the logs, it seems like there is
>>> actual networking happening in WebContent, which is not allowed. So we may need
>>> a higher level fix here.
>> 
>> I am no sandboxing expert so I followed the existing pattern. We already
>> allow SYS_recvfrom / SYS_recvfrom_nocancel / SYS_sendto / SYS_sendmsg_nocancel
>> / SYS_sendto_nocancel.
> 
> Couldn't it be a socket used to talk to a daemon, as opposed to actual
> networking?

FWIW, in the traces I saw, each call to recvmsg was triggered by a network
connection failure. Seems like someone might have tried to do some networking,
but didn't necessarily succeed.

Given that these similar sys calls are already allowed, I'm inclined to allow
this one too, so folks can stop crashing while we figure out how to generally
remove access to this set of syscalls.

