Instead of relying on the implicit _HOME parameter for the sandbox, make WebProcess pass the parameter explicitly. This makes the sandbox behave correctly when the home directory path contains symlink elements.
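The description above says the sandbox only behaves correctly once the home directory parameter is the resolved path. The C program below is an added illustration of the mismatch being fixed; it is not WebKit's code and not part of the original bug. It builds a scratch home directory that is reachable only through a symlink, resolves it with realpath() the way the patch does, and checks both forms against a simplified prefix matcher. `subpath_matches()` is an assumed stand-in for a sandbox subpath-style rule, the fixture under /tmp is constructed, and the actual hand-off of the `HOME_DIR` parameter to the sandbox profile in WebProcessMac.mm is macOS-specific and is not reproduced here.

```c
/* Added example (not WebKit code): a path-scoped rule keyed on the
 * unresolved, symlinked home path does not cover the resolved path of a
 * file under the real home directory, while one keyed on the realpath does.
 * subpath_matches() is a simplified stand-in for a sandbox subpath rule;
 * the fixture directories are constructed for the demonstration. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Simplified subpath rule: 1 if path is root itself or lies beneath it. */
int subpath_matches(const char *root, const char *path)
{
    size_t n = strlen(root);
    if (strncmp(root, path, n) != 0)
        return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* Resolve a directory to its symlink-free form, as the patch does for
 * HOME_DIR. realpath() needs a PATH_MAX-sized buffer. Returns 0 on
 * success, -1 if resolution fails or the result does not fit in out. */
int canonical_home(const char *home, char *out, size_t outlen)
{
    char buf[PATH_MAX];
    if (!realpath(home, buf))
        return -1;
    if (strlen(buf) >= outlen)
        return -1;
    strcpy(out, buf);
    return 0;
}

/* Constructed fixture: <tmp>/real plus <tmp>/link -> real.
 * Writes both paths and returns 0 on success, -1 on failure. */
int make_fixture(char *real, char *link, size_t len)
{
    char tmpl[] = "/tmp/sbx-home-XXXXXX";
    const char *base = mkdtemp(tmpl);
    if (!base)
        return -1;
    snprintf(real, len, "%s/real", base);
    snprintf(link, len, "%s/link", base);
    if (mkdir(real, 0700) != 0 || symlink("real", link) != 0)
        return -1;
    return 0;
}

/* Returns 1 when a rule keyed on the symlinked home misses a file under
 * the real home while a rule keyed on the canonical home covers it,
 * 0 if either observation differs, -1 on fixture or realpath failure. */
int symlinked_home_mismatch(void)
{
    char real[PATH_MAX], link[PATH_MAX], canon[PATH_MAX], file[PATH_MAX];
    if (make_fixture(real, link, sizeof real) != 0)
        return -1;
    /* The process's $HOME goes through the symlink; resolve it as the patch does. */
    if (canonical_home(link, canon, sizeof canon) != 0)
        return -1;
    /* A file under the home directory, by its resolved path. */
    snprintf(file, sizeof file, "%s/Library/Caches/x", canon);
    int via_symlink = subpath_matches(link, file);   /* unresolved $HOME */
    int via_realpath = subpath_matches(canon, file); /* HOME_DIR parameter */
    return via_symlink == 0 && via_realpath == 1;
}

int main(void)
{
    int r = symlinked_home_mismatch();
    if (r < 0) {
        perror("fixture");
        return 1;
    }
    printf("unresolved HOME rule misses, realpath rule matches: %s\n",
           r ? "yes" : "no");
    return 0;
}
```

The fixture works whether or not /tmp is itself a symlink (as it is on macOS, where it resolves to /private/tmp), because the check compares the rule root against a path derived from the resolved home rather than against the literal fixture path.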
Created attachment 80859: sandbox-homedir-path

Comment on attachment 80859 sandbox-homedir-path
r=me

Comment on attachment 80859 sandbox-homedir-path
View in context: https://bugs.webkit.org/attachment.cgi?id=80859&action=review

> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:130
> + if (!realpath(getenv("HOME"), homeRealPath)) {

Why are we relying on the HOME environment variable rather than using NSHomeDirectory or lower level calls to retrieve the user's home directory?
Mark is right, please fix that.
Created attachment 80866: sandbox-homedir-path-2
Comment on attachment 80866 sandbox-homedir-path-2
View in context: https://bugs.webkit.org/attachment.cgi?id=80866&action=review

> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:130
> + if (!realpath([NSHomeDirectory() UTF8String], homeRealPath)) {

Isn't -fileSystemRepresentation more appropriate?

> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:142
> + "HOME_DIR", (const char*)homeRealPath,

I'm surprised this cast is necessary.
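Review bot: on the line 130 hunk, realpath() is given homeRealPath with no size and will write up to PATH_MAX bytes into it, and the buffer's declaration is not among the quoted lines; please confirm it is declared as `char homeRealPath[PATH_MAX]` rather than a smaller buffer. The body of the `if (!realpath(...))` failure branch is also not visible here; if the home directory cannot be resolved, the process should bail out (or otherwise fail closed) rather than go on to initialize the sandbox with an uninitialized HOME_DIR.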
Comment on attachment 80866 sandbox-homedir-path-2
View in context: https://bugs.webkit.org/attachment.cgi?id=80866&action=review

>> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:130
> > Isn't -fileSystemRepresentation more appropriate?

Not really. -fileSystemRepresentation is generally meant for normalizing programmatically-constructed paths, or making sure that derived paths remain correct during cross-volume operations. This line does neither.

>> Source/WebKit2/WebProcess/mac/WebProcessMac.mm:142
>> + "HOME_DIR", (const char*)homeRealPath,
> > I'm surprised this cast is necessary.

It's not, but follows local style (see tmpRealPath, cacheRealPath below). We can eliminate all the casts in a separate patch if you'd like.
Comment on attachment 80866 sandbox-homedir-path-2
r=me

Comment on attachment 80866 sandbox-homedir-path-2
Rejecting attachment 80866 from commit-queue.

ike@apple.com does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py.

- If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.
- If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
Committed r77610: <http://trac.webkit.org/changeset/77610>