[Webkit-unassigned] [Bug 193571] [GTK][WPE] Add API to add paths to sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 25 11:06:18 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=193571

--- Comment #44 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to youenn fablet from comment #42) 
> In that particular case, the UIProcess could open this adblock data file and
> pass the file handle to the WebProcess. The WebProcess could then read the
> content (or if not feasible, the content would be sent through IPC either
> raw or processed).

That's true, but it doesn't help for cases like /tmp.

> Given JavaScript is run in WebProcess, I am not sure it is safe for
> arbitrary user provided code to run in it and provide privileges to enable
> it to run.

We have an entire web process API and it's a feature used by many applications, so it can't just go away.

> (In reply to Michael Catanzaro from comment #39)
> Another approach would be to make WebKit aware of these code paths.
> Something like, please use "/tmp/epiphany-mcatanzaro-fPO5Qw" as temporary
> folder for that browsing session.
> Then, WebKit would whitelist this folder at process launch time.
> As an added bonus, WebKit could for instance monitor the size of
> "/tmp/epiphany-mcatanzaro-fPO5Qw", clear the folder when appropriate...

Problem is that only works for directories controlled by WebKit itself. E.g. we were already whitelisting all paths required by WebsiteDataStore. We could get it working with hacks like setting base-data-dir to be /tmp/epiphany-mcatanzaro-fPO5Qw but it's really better to just let the UI process decide what web process should be allowed to touch.
