[Webkit-unassigned] [Bug 183806] New: Create an assertion mechanism to ensure proper WebCore use in each Web Process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 20 21:41:54 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=183806

            Bug ID: 183806
           Summary: Create an assertion mechanism to ensure proper WebCore
                    use in each Web Process
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bfulgham at webkit.org

Part of our security improvements involve better isolation between the different WebKit processes (UIProcess, WebContent, Networking, Storage, etc.).

We need an assertion language we can use to protect certain critical APIs and code paths against accidental misuse.

This patch adds a new enum type meant to represent different categories of program logic that we do not want used in the wrong process.

Initially, this consists of the following:

1. None -- this process cannot use any specially privileged operations.
2. CanAccessRawCookies -- this protects access to the system cookie store. The WebContent process should only ever have cookies as filtered and meted out by the NetworkProcess.
3. CanAccessCredentials -- access to the system security credentials and keychain should not be allowed in the WebContent process.
4. CanCommunicateWithWindowServer -- WindowServer access (on macOS) should never be allowed in the WebContent process. Other platforms may have similar powerful APIs that need protection as well.
5. All -- This process may use all privileged operations. This should really only be present in the UIProcess.

This first patch just creates these types and makes them available. New assertions using these values will be added as we complete our work ensuring proper process isolation.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180321/3d889d23/attachment.html>

More information about the webkit-unassigned mailing list