[webkit-changes] [WebKit/WebKit] ee5ff6: [macOS] Block Mach lookup sandbox extension in the...

Per Arne Vollan Fri, 28 Feb 2025 12:08:23 -0800

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ee5ff6e8c350a8bd4b8820a96f598d46ca049717
      
https://github.com/WebKit/WebKit/commit/ee5ff6e8c350a8bd4b8820a96f598d46ca049717
  Author: Per Arne Vollan <pvol...@apple.com>
  Date:   2025-02-28 (Fri, 28 Feb 2025)


  Changed paths:
    M Source/WebKit/Scripts/process-entitlements.sh
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

  Log Message:
  -----------
  [macOS] Block Mach lookup sandbox extension in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=288825
rdar://145847470

Reviewed by Sihui Liu.

Block Mach lookup sandbox extension in the WebContent process by adding extra 
conditions to the sandbox rule.
Unless a specific injected bundle is being used, this Mach lookup will be 
blocked.

* Source/WebKit/Scripts/process-entitlements.sh:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
* Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:

Canonical link: https://commits.webkit.org/291355@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] ee5ff6: [macOS] Block Mach lookup sandbox extension in the...

Reply via email to