Title: [255824] trunk/Source/WebCore
- Revision: 255824
- Author: [email protected]
- Date: 2020-02-05 10:06:02 -0800 (Wed, 05 Feb 2020)
Log Message
[GTK] Cannot perform most local loads with sandbox enabled
https://bugs.webkit.org/show_bug.cgi?id=202071
Patch by Michael Catanzaro <[email protected]> on 2020-02-05
Reviewed by Carlos Garcia Campos.
SecurityOrigin::canDisplay is improperly checking whether the target file URL points to a
file on the same "volume" (mount point) as the source file. That can't happen here because
this code is running in the web process, but only the network process has access to the
unsandboxed filesystem. This code can only check whether the target file exists within the
sandbox's mount namespace, but that's not what we want to do because we're not going to load
that file, we're going to ask the network process to load the file with the same path
outside the mount namespace.
We can probably live without this check. But if bringing it back is desired, it has to be
done someplace totally different, in network process code rather than web process code.
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDisplay const):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (255823 => 255824)
--- trunk/Source/WebCore/ChangeLog 2020-02-05 17:48:08 UTC (rev 255823)
+++ trunk/Source/WebCore/ChangeLog 2020-02-05 18:06:02 UTC (rev 255824)
@@ -1,3 +1,24 @@
+2020-02-05 Michael Catanzaro <[email protected]>
+
+ [GTK] Cannot perform most local loads with sandbox enabled
+ https://bugs.webkit.org/show_bug.cgi?id=202071
+
+ Reviewed by Carlos Garcia Campos.
+
+ SecurityOrigin::canDisplay is improperly checking whether the target file URL points to a
+ file on the same "volume" (mount point) as the source file. That can't happen here because
+ this code is running in the web process, but only the network process has access to the
+ unsandboxed filesystem. This code can only check whether the target file exists within the
+ sandbox's mount namespace, but that's not what we want to do because we're not going to load
+ that file, we're going to ask the network process to load the file with the same path
+ outside the mount namespace.
+
+ We can probably live without this check. But if bringing it back is desired, it has to be
+ done someplace totally different, in network process code rather than web process code.
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::canDisplay const):
+
2020-02-05 Commit Queue <[email protected]>
Unreviewed, rolling out r255818.
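Review bot: The new entry explains why the check is wrong in the web process but says nothing about verification; a line stating whether local loads with the sandbox enabled are covered by an existing test, or why no test is added, would complete the record. The closing paragraph also suggests the check could be reintroduced in the network process but leaves no pointer for that follow-up; if it is intended, a reference to a tracking bug in the entry would keep the dropped restriction from being forgotten.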
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (255823 => 255824)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2020-02-05 17:48:08 UTC (rev 255823)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2020-02-05 18:06:02 UTC (rev 255824)
@@ -368,7 +368,7 @@
if (url.pathEnd() > maximumURLSize)
return false;
-#if !PLATFORM(IOS_FAMILY)
+#if !PLATFORM(IOS_FAMILY) && !ENABLE(BUBBLEWRAP_SANDBOX)
if (m_data.protocol == "file" && url.isLocalFile() && !FileSystem::filesHaveSameVolume(m_filePath, url.fileSystemPath()))
return false;
#endif
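Review bot: The reason the same-volume check is skipped under ENABLE(BUBBLEWRAP_SANDBOX) exists only in the ChangeLog; a short comment above the `#if` noting that the web process cannot see the unsandboxed filesystem and that the network process performs the actual load would stop a later reader from re-enabling the check here. Because the guard is a preprocessor condition, `FileSystem::filesHaveSameVolume` is also compiled out of builds that include bubblewrap support but run with the sandbox inactive; if that configuration is possible, a runtime condition would keep the check in the unsandboxed case. Finally, removing this branch means a `file:` origin on this platform is no longer limited to displaying local files on its own volume, with the network process's own access becoming the effective gate; stating that widening explicitly in the commit message would put the security implication on record.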
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes