Changeset 247076 in webkit


Timestamp: Jul 2, 2019 4:05:07 PM
Author: commit-queue@webkit.org
Message:

[GTK][WPE] Explicitly blacklist problematic directories for sandbox
https://bugs.webkit.org/show_bug.cgi?id=199367

Patch by Patrick Griffis <pgriffis@igalia.com> on 2019-07-02
Reviewed by Michael Catanzaro.

There are some directories that simply do not make sense to bind into the sandbox
and will only cause issues, such as /proc, so let's just block them.

  • UIProcess/API/glib/WebKitWebContext.cpp:

(path_is_not_blacklisted):
(webkit_web_context_add_path_to_sandbox):

Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r247073 r247076  
     12019-07-02  Patrick Griffis  <pgriffis@igalia.com>
     2
     3        [GTK][WPE] Explicitly blacklist problematic directories for sandbox
     4        https://bugs.webkit.org/show_bug.cgi?id=199367
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        There are some directories that simply do not make sense to bind into the sandbox
     9        and will only cause issues such as `/proc` so lets just block them.
     10
     11        * UIProcess/API/glib/WebKitWebContext.cpp:
     12        (path_is_not_blacklisted):
     13        (webkit_web_context_add_path_to_sandbox):
     14
    1152019-07-02  Tim Horton  <timothy_horton@apple.com>
    216
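Review bot: The function list in this ChangeLog entry names (path_is_not_blacklisted), but the helper added in WebKitWebContext.cpp is pathIsBlacklisted, so the entry should read (pathIsBlacklisted): to match the code. The description could also mention that relative paths are now rejected by the same helper, since a reader would not infer that from "blacklist problematic directories".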
  • trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp

    r246353 r247076  
    11861186}
    11871187
     1188static bool pathIsBlacklisted(const char* path)
     1189{
     1190    static const Vector<CString, 4> blacklistedPrefixes = {
     1191        // These are recreated by bwrap and it doesn't make sense to try and rebind them.
     1192        "sys", "proc", "dev",
     1193        "", // All of `/` isn't acceptable.
     1194    };
     1195
     1196    if (!g_path_is_absolute(path))
     1197        return true;
     1198
     1199    GUniquePtr<char*> splitPath(g_strsplit(path, G_DIR_SEPARATOR_S, 3));
     1200    return blacklistedPrefixes.contains(splitPath.get()[1]);
     1201}
     1202
    11881203/**
    11891204 * webkit_web_context_add_path_to_sandbox:
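Review bot: pathIsBlacklisted() compares only the first component of the string as given (splitPath.get()[1] after g_strsplit with a limit of 3) and does no normalisation, so a path whose literal first component is allowed but which resolves into /proc, /sys or /dev through a ".." segment or a symlink is not matched. Consider canonicalising the path before splitting. A short comment that index 1 is always present because the g_path_is_absolute() check guarantees a leading separator would help the next reader, as would a note at the early return that relative paths are treated as blacklisted, which the function name does not suggest.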
     
    11961211 * add paths after a web process has been spawned.
    11971212 *
     1213 * Paths in directories such as `/sys`, `/proc`, and `/dev` or all of `/`
     1214 * are not valid.
     1215 *
    11981216 * See also webkit_web_context_set_sandbox_enabled()
    11991217 *
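Review bot: The added documentation at 1213-1214 says these paths "are not valid" but not what the caller will observe. State that the call logs a critical warning and leaves the sandbox unchanged, and that relative paths are rejected the same way, since the absolute-path requirement is no longer visible as a g_return_if_fail precondition.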
     
    12031221{
    12041222    g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context));
    1205     g_return_if_fail(g_path_is_absolute(path));
     1223
     1224    if (pathIsBlacklisted(path)) {
     1225        g_critical("Attempted to add disallowed path to sandbox: %s", path);
     1226        return;
     1227    }
    12061228
    12071229    if (context->priv->processPool->processes().size())
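Review bot: With g_return_if_fail(g_path_is_absolute(path)) removed at 1205, path reaches pathIsBlacklisted(path) and the "%s" in g_critical with no NULL check in the visible lines; add g_return_if_fail(path); ahead of the new block. Relative paths are also now reported as "Attempted to add disallowed path to sandbox", the same message used for /proc, so keeping the absolute-path precondition as its own g_return_if_fail or using a distinct message would make the diagnostic easier to act on.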