[Webkit-unassigned] [Bug 90005] [WK2] Putting QtWebProcess into a chrooted sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 26 13:07:38 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=90005


Renata Hodovan <reni at webkit.org> changed:

           What    |Removed                               |Added
----------------------------------------------------------------------------
         AssignedTo|webkit-unassigned at lists.webkit.org |reni at webkit.org




--- Comment #1 from Renata Hodovan <reni at webkit.org>  2012-06-26 13:07:33 PST ---
Created an attachment (id=149593)
 --> (https://bugs.webkit.org/attachment.cgi?id=149593&action=review)
Completely incomplete, just to get feedback :)

This is a preliminary patch for sandboxing the QtWebProcess. In this approach, WebProcess is started in a separate chroot.
The chroot environment is generated at runtime (into /mnt/wk-sandbox). Currently, most of the needed directories are simply bound (mount --rbind) into the appropriate place in the sandbox. These directories are enumerated in a constant list. Later, this will be replaced with a dynamic generation process that will adapt the libraries to an arbitrary target. Furthermore, instead of binding, we will be able to use hard links (this way the clean-up of the chroot env will also be easy). I already have a function that carries out an ldd-like functionality and also follows symbolic links, but this is still an incomplete solution, so I'm not uploading it this time.
This approach uses the standard chroot functionality of Linux, which needs superuser rights. To avoid running MiniBrowser with sudo, we can modify the installation process by changing the owner of MiniBrowser to root and setting the effective userid to the owner. This way MiniBrowser will run with superuser rights until the creation of WebProcess. At this point we perform the chrooting, and afterwards we don't need special rights anymore, so we change back to the real user (who is actually logged in) or to the "nobody" user (this needs further investigation, since nobody doesn't have a home directory but some of the resources (e.g. caches) are often stored there).
Any comments or feedback are much appreciated! :)
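The sequence the comment describes (bind the listed directories below the sandbox root while still root, chroot, then fall back to the real user), written out as an added example that is not part of the attached patch or of WebKit. The bind list, the function names and the use of /mnt/wk-sandbox as the root are assumptions; it is Linux-only, and building and entering the chroot requires superuser rights, exactly as the comment says.

```c
#define _GNU_SOURCE /* setresuid/setresgid on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

#define SANDBOX_ROOT "/mnt/wk-sandbox"
/* Constructed stand-in for the patch's constant list of bound directories. */
static const char *const kBindDirs[] = { "/lib", "/usr/lib", "/usr/share/fonts" };

/* mkdir -p for an absolute path; an already existing directory is fine. */
int make_dir_tree(const char *path) {
    char buf[4096];
    if (snprintf(buf, sizeof buf, "%s", path) >= (int)sizeof buf) return -1;
    for (char *p = buf + 1; *p; p++) {
        if (*p != '/') continue;
        *p = '\0';
        if (mkdir(buf, 0755) != 0 && errno != EEXIST) return -1;
        *p = '/';
    }
    return (mkdir(buf, 0755) == 0 || errno == EEXIST) ? 0 : -1;
}

/* `mount --rbind DIR ROOT/DIR` for each entry; needs root, just like chroot(2). */
int build_sandbox(const char *root) {
    char dst[4096];
    for (size_t i = 0; i < sizeof kBindDirs / sizeof *kBindDirs; i++) {
        snprintf(dst, sizeof dst, "%s%s", root, kBindDirs[i]);
        if (make_dir_tree(dst) != 0) return -1;
        if (mount(kBindDirs[i], dst, NULL, MS_BIND | MS_REC, NULL) != 0) return -1;
    }
    return 0;
}

/* Supplementary groups first, gid before uid (the reverse order fails), then
   verify that root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

/* chroot while still root, chdir("/") so the cwd does not remain outside the
   new root, and only then give the superuser rights up. */
int enter_sandbox(const char *root, uid_t uid, gid_t gid) {
    if (chroot(root) != 0 || chdir("/") != 0) return -1;
    return drop_privileges(uid, gid);
}
```

With a root-owned, setuid MiniBrowser, the caller runs build_sandbox(SANDBOX_ROOT) and then enter_sandbox(SANDBOX_ROOT, getuid(), getgid()) before starting the web process; getuid() is the logged-in user the comment proposes to switch back to.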
