[Webkit-unassigned] [Bug 189963] New: [WPE][GTK] Fix file:// URI access in sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 25 11:40:07 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=189963
Bug ID: 189963
Summary: [WPE][GTK] Fix file:// URI access in sandbox
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
Assignee: webkit-unassigned at lists.webkit.org
Reporter: pgriffis at igalia.com
CC: bugs-noreply at webkitgtk.org
Currently `file://` URIs are all handled by the NetworkProcess which does not have filesystem access.
Granting that access would defeat the purpose of the sandbox so this needs to be moved out of this process.
One idea would be creating a new LocalFileProcess or such so it could work but doesn't compromise every
websites NetworkProcess.
This cannot be solved by simply mounting requested URIs dynamically at runtime as all `bwrap` permissions
happen once at process creation and adding bind mounts later would require root permissions which is
not ideal.
We also cannot use the `document-portal` that flatpak uses because it does not handle
directories yet and doesn't have any solid plans how to do so.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180925/74dd3ccc/attachment-0001.html>
More information about the webkit-unassigned
mailing list