[webkit-reviews] review requested: [Bug 231258] Prevent test functionality in AdAttributionDaemon when not running tests : [Attachment 440273] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 5 22:42:20 PDT 2021
Alex Christensen <achristensen at apple.com> has asked for review:
Bug 231258: Prevent test functionality in AdAttributionDaemon when not running
tests
https://bugs.webkit.org/show_bug.cgi?id=231258
Attachment 440273: Patch
https://bugs.webkit.org/attachment.cgi?id=440273&action=review
--- Comment #9 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 440273
--> https://bugs.webkit.org/attachment.cgi?id=440273
Patch
This does fix this problem completely. This problem is that by calling SPI a
rogue app can get the AdAttributionDaemon to do things that it should not.
What you are describing is a different problem that I don't think exists, but
if it does then it needs a different mitigation. Re-requesting review. If you
are still opposed to this reducing of attack surface area, then we should
probably discuss it in a meeting next week.
More information about the webkit-reviews
mailing list