[Webkit-unassigned] [Bug 194370] New: [WPE][GTK] Unsafe setenv use in WebProcessPool::platformInitialize

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 6 18:54:06 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=194370

            Bug ID: 194370
           Summary: [WPE][GTK] Unsafe setenv use in
                    WebProcessPool::platformInitialize
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK+
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

WebProcessPool::platformInitialize unsafely calls g_unsetenv to unset WEBKIT_INSPECTOR_SERVER. WebKit must never modify environment variables in the UI process, because it could cause applications to crash. (The only safe place to modify environment variables is the very top of main() in secondary processes. It can't be done at all in the UI process.) So we need to find some way to avoid the need to call unsetenv here.

Also, note this function is duplicated between WebProcessPoolGtk.cpp and WebProcessPoolWPE.cpp, so both places need to be fixed, or the implementations shared.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190207/12106422/attachment.html>


More information about the webkit-unassigned mailing list