From: Jimmy Aguilar Mena
Newsgroups: gmane.emacs.bugs
Subject: bug#43071: Enable WebKit sandboxing
Date: Thu, 27 Aug 2020 20:14:25 +0200
In-Reply-To: <05668e76-ce5b-0766-471f-0cafa91fd978@cs.ucla.edu>
To: Paul Eggert
Cc: pcr910303@icloud.com, qhong@mit.edu, veshboo@gmail.com, rpluim@gmail.com, 43071@debbugs.gnu.org

It looks fine for me.

Maybe it should be added as a security patch for the 27.* branch.

On Thu, 27 Aug 2020 at 15:14, Paul Eggert <eggert@cs.ucla.edu> wrote:

> Qiantan Hong suggested that Emacs should enable sandboxing in WebKit, for all
> the usual security reasons. (Thanks, Qiantan!)
>
> Attached is a proposed patch to implement that suggestion; it's a bit fancier
> than what Qiantan originally proposed in
> <https://lists.gnu.org/r/emacs-devel/2020-08/msg00896.html> because it checks
> that WebKit 2.26 or later is in use, and it avoids a duplicate call to
> webkit_web_context_get_default. I'm cc'ing this to Qiantan and to other recent
> committers to xwidget.c, to get their opinions.