[Webkit-unassigned] [Bug 143004] [Seccomp] Web process has too much access to /run/user

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 15 08:56:37 PDT 2015


--- Comment #3 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Talked with AP. Indeed, the at-spi2 socket is a total sandbox escape: it can be used to inspect the accessibility tree of arbitrary applications, send them keyboard input, etc. We can't allow access to it. Also we can't block it, since that breaks a11y. A design change will be required. It should be considered in tandem with the problem of supporting a11y under Wayland.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150915/8f5c009c/attachment.html>

More information about the webkit-unassigned mailing list