[Webkit-unassigned] [Bug 140073] New: [GTK] Add API for web process filesystem sandbox extensions

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jan 4 21:01:34 PST 2015 

https://bugs.webkit.org/show_bug.cgi?id=140073

            Bug ID: 140073
           Summary: [GTK] Add API for web process filesystem sandbox
                    extensions
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

We unfortunately have to break existing web extensions that perform filesystem operations if we want to sandbox the web process. We have a couple of options here:

1) Require the web extension to set up some form of IPC with the UI process to ask it to perform the syscall for it. This would be inconvenient for web extension authors, and it would be a hole in the sandbox: the UI process should not trust input from the sandbox web process.
2) Provide API to open holes in the sandbox, so the web process can open extra files as needed. E.g. ~/.config/epiphany/adblock

Consider also that the API I add in this patch is on the WebKitWebContext. That's probably *not acceptable* if extensions are expected to be developed separately from web browsers, which I think we probably want to support. So this is just a proof of concept; probably the final API should be on the WebKitWebExtension itself.

Lastly consider that a better sandbox would trap or block many more syscalls than we currently do. In particular, it'd be really nice to block the web process from accessing the network (if the network process is enabled) (but I think web sockets are currently implemented in the web process only). That would require more sophisticated API beyond that added in this patch, so that the web process would be allowed to e.g. connect to https://easylist-downloads.adblockplus.org/ -- though I definitely want any API we provide to be at a much higher level than system calls.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150105/8687402f/attachment-0002.html>

More information about the webkit-unassigned mailing list