Title: [290434] releases/WebKitGTK/webkit-2.36/Source/WebKit
Revision
290434
Author
[email protected]
Date
2022-02-24 08:09:42 -0800 (Thu, 24 Feb 2022)

Log Message

Merge r290401 - [WPE][GTK] Paths should be canonicalized before calling bwrap
https://bugs.webkit.org/show_bug.cgi?id=211131

Patch by Maxim Cournoyer <[email protected]> on 2022-02-23
Reviewed by Michael Catanzaro.

* UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
(WebKit::bindSymlinksRealPath): Relocate earlier in file,
add a 'bindOption' argument and use FileSystem::realPath instead
of realpath from the standard C library.
(WebKit::bindIfExists): Use the modified above procedure to
canonicalize the source path, and avoid adding bind mounts for
locations under /etc.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.36/Source/WebKit/ChangeLog (290433 => 290434)


--- releases/WebKitGTK/webkit-2.36/Source/WebKit/ChangeLog	2022-02-24 16:09:37 UTC (rev 290433)
+++ releases/WebKitGTK/webkit-2.36/Source/WebKit/ChangeLog	2022-02-24 16:09:42 UTC (rev 290434)
@@ -1,3 +1,18 @@
+2022-02-23  Maxim Cournoyer  <[email protected]>
+
+        [WPE][GTK] Paths should be canonicalized before calling bwrap
+        https://bugs.webkit.org/show_bug.cgi?id=211131
+
+        Reviewed by Michael Catanzaro.
+
+        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
+        (WebKit::bindSymlinksRealPath): Relocate earlier in file,
+        add a 'bindOption' argument and use FileSystem::realPath instead
+        of realpath from the standard C library.
+        (WebKit::bindIfExists): Use the modified above procedure to
+        canonicalize the source path, and avoid adding bind mounts for
+        locations under /etc.
+
 2022-02-23  Liliana Marie Prikler <[email protected]>
 
         Bubblewrap launcher doesn't bind font locations from XDG_DATA_DIRS

Modified: releases/WebKitGTK/webkit-2.36/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (290433 => 290434)


--- releases/WebKitGTK/webkit-2.36/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp	2022-02-24 16:09:37 UTC (rev 290433)
+++ releases/WebKitGTK/webkit-2.36/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp	2022-02-24 16:09:42 UTC (rev 290434)
@@ -27,7 +27,6 @@
 #include <seccomp.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
-#include <unistd.h>
 #include <wtf/FileSystem.h>
 #include <wtf/UniStdExtras.h>
 #include <wtf/glib/GRefPtr.h>
@@ -165,6 +164,15 @@
     Device,
 };
 
+static void bindSymlinksRealPath(Vector<CString>& args, const char* path, const char* bindOption = "--ro-bind")
+{
+    WTF::String realPath = FileSystem::realPath(path);
+    if (path != realPath) {
+        CString rpath = realPath.utf8();
+        args.appendVector(Vector<CString>({ bindOption, rpath.data(), rpath.data() }));
+    }
+}
+
 static void bindIfExists(Vector<CString>& args, const char* path, BindFlags bindFlags = BindFlags::ReadOnly)
 {
     if (!path || path[0] == '\0')
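Review bot: The removed version bound the symlink target only when `realpath()` succeeded, while the new `bindSymlinksRealPath` appends whatever `FileSystem::realPath(path)` returns as long as it differs from `path`. What that helper returns on failure is not visible here; if it can return an empty string, the default `--ro-bind` would receive an empty source, so a guard such as `if (!realPath.isEmpty() && path != realPath)` would keep the old behaviour. The target is also now bound with the caller's `bindOption`, so a writable bind follows the link and exposes its destination read-write at its real location. A short comment above the function stating that callers must pass only paths whose symlink targets are trusted would document that contract.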
@@ -177,7 +185,16 @@
         bindType = "--ro-bind-try";
     else
         bindType = "--bind-try";
-    args.appendVector(Vector<CString>({ bindType, path, path }));
+
+    // Canonicalize the source path, otherwise a symbolic link could
+    // point to a location outside of the namespace.
+    bindSymlinksRealPath(args, path, bindType);
+
+    // As /etc is exposed wholesale, do not layer extraneous bind
+    // directives on top, which could fail in the presence of symbolic
+    // links.
+    if (!g_str_has_prefix(path, "/etc/"))
+        args.appendVector(Vector<CString>({ bindType, path, path }));
 }
 
 static void bindDBusSession(Vector<CString>& args, bool allowPortals)
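Review bot: The `/etc/` test in `bindIfExists` is a textual prefix match on the caller's `path`, not on the canonical path resolved just above, so spellings such as `//etc/x` or `/usr/../etc/x` still get the extra bind, and a path elsewhere that resolves into `/etc` is not recognised either. `bindSymlinksRealPath` also runs before the test, so for an `/etc/...` symlink the resolved target is still bound, with `--bind-try` when the caller asked for a writable bind. That looks intended, since the target may live outside `/etc`, but the comment should say so, e.g. `// The resolved target is still bound above; only the /etc/... path itself is skipped.` If canonical matching is wanted, resolving once and testing that result would cover both cases. `bindIfExists` begins before this hunk.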
@@ -415,17 +432,6 @@
     }));
 }
 
-static void bindSymlinksRealPath(Vector<CString>& args, const char* path)
-{
-    char realPath[PATH_MAX];
-
-    if (realpath(path, realPath) && strcmp(path, realPath)) {
-        args.appendVector(Vector<CString>({
-            "--ro-bind", realPath, realPath,
-        }));
-    }
-}
-
 // Translate a libseccomp error code into an error message. libseccomp
 // mostly returns negative errno values such as -ENOMEM, but some
 // standard errno values are used for non-standard purposes where their