[Webkit-unassigned] [Bug 191360] [GTK][WPE] Bubblewrap launcher should not depend on memfd
bugzilla-daemon at webkit.org
Fri Nov 9 05:53:24 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=191360
--- Comment #10 from Patrick Griffis <pgriffis at igalia.com> ---
(In reply to Carlos Garcia Campos from comment #9)
> (In reply to Patrick Griffis from comment #8)
> > Actually regarding F_SEAL_WRITE, I guess that is the definition of what
> > `SharedMemory::Protection::ReadOnly` should do right?
>
> It could be, but I don't think we can do that anyway. It's true that we
> don't normally create more than one handle for the same shared memory, but
> the API allows that. We can only seal an fd created by memfd, but not the
> duplicated one used by the handler (AFAIK). So we would need to seal before
> dup, making the shared memory read only even if a following createHandle
> uses a readwrite protection, because seals can't be removed. We could add a
> seal method to shared memory, to be called after data have been written, but
> I don't think it's worth it.
Well, the resulting fd *must* be read-only, otherwise it's a sandbox escape.
--
You are receiving this mail because:
You are the assignee for the bug.
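The seal-before-dup behaviour discussed in the message above, as an added Linux C example that is not part of the original mail and is not WebKit code: it fills a memfd, seals it, duplicates the descriptor, and records that the duplicate can no longer write, map writably or change the seals. The names `seal_then_dup`, `struct probe` and `shm-demo` are hypothetical, and the raw `memfd_create` syscall is used so the block builds without `_GNU_SOURCE`.

```c
#include <errno.h>
#include <fcntl.h>
#include <linux/memfd.h>   /* MFD_CLOEXEC, MFD_ALLOW_SEALING */
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef F_ADD_SEALS        /* values from <linux/fcntl.h>; libc hides them without _GNU_SOURCE */
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x1
#define F_SEAL_SHRINK 0x2
#define F_SEAL_GROW   0x4
#define F_SEAL_WRITE  0x8
#endif

/* Hypothetical record of what a duplicated handle can still do (errno values, 0 = allowed). */
struct probe { int seals, write_errno, mmap_errno, readable, reseal_errno; };

/* Write, seal, then dup() a memfd and probe the duplicate. Returns 0 on success. */
int seal_then_dup(struct probe *p)
{
    static const char data[] = "constructed sample payload";
    /* F_SEAL_WRITE alone still allows ftruncate(); SHRINK/GROW close that, SEAL freezes the set. */
    const int seals = F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL;
    char back[sizeof data] = {0};
    int rc = -1, dupfd = -1;
    int fd = (int)syscall(SYS_memfd_create, "shm-demo", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0) return -1;
    if (write(fd, data, sizeof data) != (ssize_t)sizeof data) goto out;
    if (fcntl(fd, F_ADD_SEALS, seals) < 0) goto out;   /* seal only after the data is written */
    if ((dupfd = dup(fd)) < 0) goto out;
    p->seals = fcntl(dupfd, F_GET_SEALS);              /* seals belong to the file, not the fd */
    p->write_errno = pwrite(dupfd, "X", 1, 0) < 0 ? errno : 0;
    void *m = mmap(NULL, sizeof data, PROT_READ | PROT_WRITE, MAP_SHARED, dupfd, 0);
    p->mmap_errno = (m == MAP_FAILED) ? errno : 0;
    if (m != MAP_FAILED) munmap(m, sizeof data);
    p->readable = pread(dupfd, back, sizeof back, 0) == (ssize_t)sizeof back &&
                  memcmp(back, data, sizeof data) == 0;
    p->reseal_errno = fcntl(dupfd, F_ADD_SEALS, F_SEAL_GROW) < 0 ? errno : 0;
    rc = 0;
out:
    if (dupfd >= 0) close(dupfd);
    close(fd);
    return rc;
}

int main(void) { struct probe p; return seal_then_dup(&p); }
```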