[Webkit-unassigned] [Bug 143004] [Seccomp] Web process has too much access to /run/user
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 24 07:59:31 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=143004
Michael Catanzaro <mcatanzaro at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jdiggs at igalia.com,
| |mcatanzaro at igalia.com,
| |zan at falconsigh.net
--- Comment #1 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Hey Joanie, I think you're the expert here. The security model is that the web process has been compromised and running attacker-controlled code, and is trying to access the user's personal files, so ideally it would not be able to have any more access in /run/user/uid than it really needs. I can just imagine it using the at-spi2 socket to control nautilus or something; is that possible?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150324/8c8045cd/attachment-0002.html>
More information about the webkit-unassigned
mailing list