[Webkit-unassigned] [Bug 140132] New: [GTK] SeccompFilters: trap more filesystem access system calls
bugzilla-daemon at webkit.org
Tue Jan 6 11:06:27 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=140132
Bug ID: 140132
Summary: [GTK] SeccompFilters: trap more filesystem access system calls
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Status: NEW
Severity: Enhancement
Priority: P2
Component: WebKit Gtk
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
Before we enable seccomp filters by default in the GTK+ port, we should trap more system calls. Currently, we trap open, openat, and creat so that we only allow access to particular files. Research the other system calls that operate on the filesystem to determine what we need to trap and what we don't.
The Chrome sandbox blocks all system calls that Chrome doesn't use, to reduce the kernel attack space. That would be great theoretically, but I think it's too ambitious for our purposes, as it would be quite difficult to maintain unless we start bundling all of our dependencies like Chrome does. For now, let's simply trap filesystem system calls so that a compromised web process needs a separate kernel exploit if it wants to vacuum up the user's personal data.