[Webkit-unassigned] [Bug 211131] [WPE][GTK] Paths should be canonicalized before calling bwrap
bugzilla-daemon at webkit.org
Wed Feb 23 11:35:16 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=211131
--- Comment #7 from apteryx <maxim.cournoyer at gmail.com> ---
(In reply to Michael Catanzaro from comment #3)
> Comment on attachment 452983
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=452983&action=review
>
> > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:334
> > +static void bindSymlinksRealPath(Vector<CString>& args, const char* path, const char* bindOption = "--ro-bind")
> > +{
> > + WTF::String realPath = FileSystem::realPath(path);
> > + if (path == realPath) {
> > + const char* rpath = realPath.utf8().data();
> > + args.appendVector(Vector<CString>({ bindOption, rpath, rpath }));
> > + }
> > +}
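
Review bot: `rpath` in `const char* rpath = realPath.utf8().data();` points into the temporary CString returned by `realPath.utf8()`, which is destroyed at the end of that statement, so the two `rpath` entries appended to `args` on the following line are built from a dangling pointer. Hold the result in a local with the right lifetime, for example `CString rpath = realPath.utf8();`, and append that object to `args` instead of the raw `const char*`.
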
>
> I'm a little confused here.
>
> What I expected: if the path is a symlink, bind its target instead so the
> operation doesn't fail.
>
> What you have here: if the path is a symlink (path != realPath), ignore it.
> Sure, the operation will not fail if you skip it, but won't you still wind
> up with a broken sandbox?
Hmm, you are right. Fixed.
> > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:352
> > + bindSymlinksRealPath(args, path, bindType);
> > + // As /etc is exposed wholesale, do not layer extraneous bind
>
> Style nit: leave a blank line here.
Fixed.
Thank you!