
Enable subprocess sandboxing for libwebkit-gtk
ClosedPublic

Authored by Jacalz on Nov 30 2019, 2:57 PM.

Details

Summary

Packaging Changes:

  • Build with bubblewrap sandbox to support running subprocesses in a sandbox. This should (in theory) lead to better web security for applications leveraging libwebkit-gtk.

Depends on D7750

Test Plan
  • Browse different sites to verify that everything works as expected.
  • Verify that performance doesn't regress with running sandboxed compared to running without.

Diff Detail

Repository
R3336 libwebkit-gtk
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Jacalz created this revision. Nov 30 2019, 2:57 PM
Jacalz requested review of this revision. Nov 30 2019, 2:57 PM

> Build with bubblewrap sandbox. This should lead to better web security for applications leveraging webkit-gtk.

So how are we testing that we're actually running these webkit instances in a sandboxed environment?

Jacalz added a comment. Dec 4 2019, 4:13 PM

>> Build with bubblewrap sandbox. This should lead to better web security for applications leveraging webkit-gtk.

> So how are we testing that we're actually running these webkit instances in a sandboxed environment?

Well, I haven't found any good way to test it. Can't possibly be less secure than without it though.

Jacalz edited the summary of this revision. Dec 4 2019, 4:13 PM
Jacalz retitled this revision from Make libwebkit-gtk sandboxed to Enable subprocess sandboxing for libwebkit-gtk. Dec 5 2019, 6:06 PM
Jacalz edited the summary of this revision.

>>> Build with bubblewrap sandbox. This should lead to better web security for applications leveraging webkit-gtk.

>> So how are we testing that we're actually running these webkit instances in a sandboxed environment?

> Well, I haven't found any good way to test it. Can't possibly be less secure than without it though.

Well unless you have a way to verifiably ensure it even works in the first place, it isn't any more secure, which is the point of it.

Jacalz added a comment. Edited Dec 20 2019, 4:18 PM

@JoshStrobl I have now verified that it is being used by libwebkit-gtk, using pstree. The following picture is without bwrap support:

The next image is with. Notice how WebKitWebProces is a child process of bwrap:
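The pstree check above, and the Test Plan's open question of how to tell that the sandbox is actually in use, can be scripted so it can be rerun after every package rebuild. The script below is an added example for this thread, not code from Solus or from WebKitGTK. It assumes a Linux host with /proc, a `ps` that accepts `-eo pid=,ppid=,comm=`, the process names `bwrap` and `WebKitWebProcess`, and the sample process tree embedded in it is constructed, not taken from the screenshots.

```shell
#!/bin/sh
# Verify that WebKitGTK web processes really run under bubblewrap.
# Added example for this review thread; not code from Solus or WebKitGTK.
# Assumes Linux with /proc and a `ps` that accepts `-eo pid=,ppid=,comm=`.
# The process names (bwrap, WebKitWebProcess) are assumptions about the
# launcher, and SAMPLE_TABLE below is constructed data.

# /proc/<pid>/comm (what ps and pstree display) is truncated to 15 characters,
# so "WebKitWebProcess" shows up as "WebKitWebProces". Match on that prefix.
WEBPROC_RE='^WebKitWebProces'

# Walk the parent chain of pid $2 through a "pid ppid comm" table ($1).
# Print the pid of the nearest ancestor whose comm is bwrap; return 1 if none.
bwrap_ancestor() {
    ba_table=$1
    ba_pid=$2
    while [ "$ba_pid" -gt 1 ]; do
        ba_line=$(printf '%s\n' "$ba_table" | awk -v p="$ba_pid" '$1 == p { print; exit }')
        [ -n "$ba_line" ] || return 1
        set -- $ba_line          # $1=pid $2=ppid $3=comm
        if [ "$3" = bwrap ]; then
            printf '%s\n' "$1"
            return 0
        fi
        ba_pid=$2
    done
    return 1
}

# Print the pid of every web process in the table that has no bwrap ancestor.
# Empty output means every web process in the table is under the sandbox.
unsandboxed_webprocs() {
    uw_table=$1
    for uw_pid in $(printf '%s\n' "$uw_table" | awk -v re="$WEBPROC_RE" '$3 ~ re { print $1 }'); do
        bwrap_ancestor "$uw_table" "$uw_pid" >/dev/null || printf '%s\n' "$uw_pid"
    done
}

# Live check against the running system; returns 1 if any web process sits
# outside bwrap. The Seccomp/NoNewPrivs lines of /proc/<pid>/status are
# printed as corroboration: bwrap sets no_new_privs on what it launches, and
# "Seccomp: 2" means a BPF filter is active in that process.
check_live() {
    cl_table=$(ps -eo pid=,ppid=,comm=)
    cl_rc=0
    for cl_pid in $(printf '%s\n' "$cl_table" | awk -v re="$WEBPROC_RE" '$3 ~ re { print $1 }'); do
        if cl_b=$(bwrap_ancestor "$cl_table" "$cl_pid"); then
            cl_flags=$(awk '/^(Seccomp|NoNewPrivs):/ { printf "%s%s ", $1, $2 }' "/proc/$cl_pid/status" 2>/dev/null)
            echo "OK   pid=$cl_pid under bwrap pid=$cl_b $cl_flags"
        else
            echo "FAIL pid=$cl_pid has no bwrap ancestor"
            cl_rc=1
        fi
    done
    return $cl_rc
}

# Constructed sample tree (not from the page): 903 is sandboxed behind the two
# bwrap levels that --unshare-pid produces, 905 was launched without bwrap.
SAMPLE_TABLE='1 0 systemd
900 1 epiphany
901 900 bwrap
902 901 bwrap
903 902 WebKitWebProces
904 900 WebKitNetworkPr
905 900 WebKitWebProces'

if [ "${1:-}" = --live ]; then
    check_live
fi
```

Run it as `sh check-bwrap.sh --live` with a WebKitGTK application open; a non-zero exit means at least one WebKitWebProcess is not a descendant of bwrap, which is exactly the "without bwrap support" tree in the first screenshot. Being under bwrap only proves the launcher was used, not what the sandbox permits, which is why the NoNewPrivs and Seccomp fields are printed alongside.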

Jacalz added a comment. Edited Jan 10 2020, 4:35 PM

Per the comment above, are there any news on getting this merged? 🙂 @JoshStrobl

JoshStrobl accepted this revision. Jan 10 2020, 5:23 PM

Nope, looks good! Sorry for the delay and thanks again for the patch and validation.

This revision is now accepted and ready to land. Jan 10 2020, 5:23 PM
This revision was automatically updated to reflect the committed changes.