[webkit-reviews] review granted: [Bug 200182] Allow more syscalls in the WebContent process' sandbox profile : [Attachment 374998] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 26 17:24:12 PDT 2019

Geoffrey Garen <ggaren at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 200182: Allow more syscalls in the WebContent process' sandbox profile

Attachment 374998: Patch


--- Comment #7 from Geoffrey Garen <ggaren at apple.com> ---
Comment on attachment 374998
  --> https://bugs.webkit.org/attachment.cgi?id=374998

View in context: https://bugs.webkit.org/attachment.cgi?id=374998&action=review


>>>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:945
>>>> +	      (syscall-number SYS_recvmsg)
>>> This one looks suspicious. Looking at the logs, it seems like there is
actual networking happening in WebContent, which is not allowed. So we may need
a higher level fix here.
>> I am no sandboxing expert so I followed the existing pattern. We already
allow SYS_recvfrom / SYS_recvfrom_nocancel / SYS_sendto / SYS_sendmsg_nocancel
/ SYS_sendto_nocancel.
> Couldn't it be a socket used to talk to a daemon, as opposed to actual

FWIW, in the traces I saw, each call to recvmsg was triggered by a network
connection failure. Seems like someone might have tried to do some networking,
but didn't necessarily succeed.

Given that these similar sys calls are already allowed, I'm inclined to allow
this one too, so folks can stop crashing while we figure out how to generally
remove access to this set of syscalls.

More information about the webkit-reviews mailing list