[Webkit-unassigned] [Bug 199367] [GTK][WPE] Explicitly blacklist problematic directories for sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 2 01:28:49 PDT 2019


--- Comment #12 from Carlos Garcia Campos <cgarcia at igalia.com> ---
Comment on attachment 373250
  --> https://bugs.webkit.org/attachment.cgi?id=373250

View in context: https://bugs.webkit.org/attachment.cgi?id=373250&action=review

> Source/WebKit/ChangeLog:7
> +

Explain the change here, please. What are problematic directories?

> Source/WebKit/ChangeLog:9
> +        (path_is_not_blacklisted):


> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:1191
> +    const Vector<CString> blacklistedPrefixes = {

static? You can also pass the inline capacity to avoid heap allocation, since the vector size is fixed. 

static const Vector<CString, 5> blacklistedPrefixes = {

>> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:1199
>> +    /* NOTE: Due to previous check there is always one leading `/` */
> Ditto.

What previous check? g_path_is_absolute in the caller? I would add an assert here, it's self documented and ensures that's the case. Or we can move the check to this function and consider relative paths to be blacklisted too.

> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:1201
> +    return blacklistedPrefixes.find(splitPath.get()[1]) != WTF::notFound;

This is Vector::contains()

> Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp:1228
> +        return;

Ok, so we don't allow to add certain paths to the sandbox explicitly. This should be testable, no?

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190702/755925e3/attachment.html>

More information about the webkit-unassigned mailing list