PluginProcess deny file-read-data /Network/Library under addVolumeTra…

…cker https://bugs.webkit.org/show_bug.cgi?id=117965 <rdar://problem/14121247> Patch by Simon Cooper <scooper@apple.com> on 2013-06-24 Reviewed by Alexey Proskuryakov. Silently deny reading /Network/Applications and /Network/Library. * Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb: Canonical link: https://commits.webkit.org/136097@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@151950 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Jun 25, 2013 · 4a00e7f · 4a00e7f
1 parent 6f30292
commit 4a00e7f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
@@ -1,3 +1,16 @@
+2013-06-24  Simon Cooper  <scooper@apple.com>
+
+        PluginProcess deny file-read-data /Network/Library under addVolumeTracker
+        https://bugs.webkit.org/show_bug.cgi?id=117965
+        <rdar://problem/14121247>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Silently deny reading /Network/Applications and 
+        /Network/Library.
+
+        * Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb:
+
 2013-06-24  Kangil Han  <kangil.han@samsung.com>
 
         Adopt is/toHTMLFormElement for code cleanup

diff --git a/Source/WebKit2/Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb b/Source/WebKit2/Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb
@@ -300,6 +300,8 @@
 
 ;; Silently block access to some resources
 (deny file-read* file-write* (with no-log)
+    (subpath "/Network/Library")
+    (subpath "/Network/Applications")
     (home-library-preferences-regex #"/com\.apple\.internetconfig(priv)?\.plist")
 
     ;; FIXME: Should be removed after <rdar://problem/9422957> is fixed.