[webkit-reviews] review granted: [Bug 239551] HARDENING: Add MESSAGE_CHECK in some Captive Portal cases : [Attachment 458300] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 25 14:52:52 PDT 2022


Darin Adler <darin at apple.com> has granted Brent Fulgham <bfulgham at webkit.org>'s
request for review:
Bug 239551: HARDENING: Add MESSAGE_CHECK in some Captive Portal cases
https://bugs.webkit.org/show_bug.cgi?id=239551

Attachment 458300: Patch

https://bugs.webkit.org/attachment.cgi?id=458300&action=review




--- Comment #8 from Darin Adler <darin at apple.com> ---
Comment on attachment 458300
  --> https://bugs.webkit.org/attachment.cgi?id=458300
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=458300&action=review

> Source/WebKit/ChangeLog:12
> +	   Add MESSAGE_CHECK protections to a set of message handlers for API
prohibited when
> +	   sent from a Captive Portal process. This change also adds a flag to
the GPUProcessConnectionParameters
> +	   struct so that GPU Process connections can be marked as being
associated with a Captive Portal
> +	   process.
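Review bot: The ChangeLog entry does not say which message handlers gain MESSAGE_CHECK, nor which process sets the new GPUProcessConnectionParameters flag and whether the GPU process treats that flag as authoritative; list the affected handlers and document where the flag is populated, so a reader can confirm that the checks can only fire when the sending process misbehaves.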

What prevents the web process from trying to send these messages in the captive
portal case? To state the obvious, we don’t want a MESSAGE_CHECK to ever fire
unless the web process is compromised. So presumably we have to have code that
prevents trying to send these messages in normal circumstances, along with the
MESSAGE_CHECK protection, which is where the full security value comes from when
the web process has been controlled or attacked.
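The two-layer pattern discussed above, as an added C++ illustration that is not WebKit's code: a hypothetical Connection carrying a captive-portal flag, a model of MESSAGE_CHECK that invalidates the connection when the check fails, and the sender-side guard that keeps a well-behaved captive-portal process from ever sending the message, so the receiver's check only fires on protocol misuse.

```cpp
// Hypothetical model (not WebKit's code) of a process-to-process IPC connection.
struct Connection {
    bool isCaptivePortal = false;  // assumed flag: connection belongs to a captive-portal web process
    bool terminated = false;       // a failed MESSAGE_CHECK invalidates the connection
};

// Model of MESSAGE_CHECK: a failed assertion means the sender violated the
// protocol, so the receiver abandons the message and terminates the connection
// rather than continuing with untrusted input.
#define MESSAGE_CHECK(connection, assertion)   \
    do {                                        \
        if (!(assertion)) {                     \
            (connection).terminated = true;     \
            return false;                       \
        }                                       \
    } while (0)

// Receiver side (e.g. the UI or GPU process): handler for an API that is
// prohibited for captive-portal web processes. Returns true if serviced.
bool handleRestrictedRequest(Connection& connection)
{
    MESSAGE_CHECK(connection, !connection.isCaptivePortal);
    return true;  // request is allowed for this connection; service it
}

// Sender side (the web process): the guard that prevents a legitimate
// captive-portal process from sending the message at all. Returns true if
// the request was sent and serviced.
bool sendRestrictedRequest(Connection& connection)
{
    if (connection.isCaptivePortal)
        return false;  // feature unavailable in this mode; nothing is sent
    return handleRestrictedRequest(connection);  // stands in for the IPC send
}
```

Only a process that bypasses the sender-side guard can reach the handler with the flag set, which is exactly the case the receiver-side check exists for.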

