[Webkit-unassigned] [Bug 140073] New: [GTK] Add API for web process filesystem sandbox extensions
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jan 4 21:01:34 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=140073
Bug ID: 140073
Summary: [GTK] Add API for web process filesystem sandbox
extensions
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
We unfortunately have to break existing web extensions that perform filesystem operations if we want to sandbox the web process. We have a couple of options here:
1) Require the web extension to set up some form of IPC with the UI process to ask it to perform the syscall for it. This would be inconvenient for web extension authors, and it would be a hole in the sandbox: the UI process should not trust input from the sandbox web process.
2) Provide API to open holes in the sandbox, so the web process can open extra files as needed. E.g. ~/.config/epiphany/adblock
Consider also that the API I add in this patch is on the WebKitWebContext. That's probably *not acceptable* if extensions are expected to be developed separately from web browsers, which I think we probably want to support. So this is just a proof of concept; probably the final API should be on the WebKitWebExtension itself.
Lastly consider that a better sandbox would trap or block many more syscalls than we currently do. In particular, it'd be really nice to block the web process from accessing the network (if the network process is enabled) (but I think web sockets are currently implemented in the web process only). That would require more sophisticated API beyond that added in this patch, so that the web process would be allowed to e.g. connect to https://easylist-downloads.adblockplus.org/ -- though I definitely want any API we provide to be at a much higher level than system calls.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150105/8687402f/attachment-0002.html>
More information about the webkit-unassigned
mailing list