
Sandbox the portal helper

Michael Catanzaro requested to merge mcatanzaro/sandbox-portal-helper into master

The portal helper is rather sensitive because potentially-hostile Wi-Fi networks can decide to launch it whenever they want (by blocking the user's connection to the nmcheck domain) and load whatever web content they want into it. So having this unsandboxed is really extraordinarily risky. Previously it was a risk we had to accept, because WebKit did not have a web process sandbox, but now it does. So let's bubblewrap all the things!

Warning warning warning: this is a lazy, untested, drive-by MR. I just used the GitLab IDE to throw this together. It's been a couple years since I last contributed to gnome-shell and while eventually I need to spend the effort to get a development environment set up again, that's not going to happen today. So even though it's really simple and should be low-risk, because we don't run any code in the web process and so in theory there's nothing that could break, it still deserves a sanity test before merging, just in case. In particular, it'd be good to verify that the if (WebKit.WebContext.set_sandbox_enabled) check is working properly.
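The feature check the MR description asks reviewers to verify, written out as an added example (not the MR's own diff or gnome-shell code): guard on the presence of set_sandbox_enabled() so older WebKitGTK builds keep working, turn the sandbox on before the context spawns any web process, and confirm the result with get_sandbox_enabled(). The WebKit.WebContext class from GJS's imports.gi.WebKit2 is assumed; FakeWebContext below is a constructed stand-in so the logic runs under plain node, and the check is done on the context instance rather than on the class.

```javascript
// Added example, not code from the merge request. Assumes WebKitGTK >= 2.26,
// where WebContext.set_sandbox_enabled()/get_sandbox_enabled() exist.

function enableWebProcessSandbox(context) {
    // Older WebKitGTK builds have no web-process sandbox at all; guard the call
    // instead of failing, which is the "if (set_sandbox_enabled)" check in the MR.
    if (typeof context.set_sandbox_enabled !== 'function')
        return { sandboxed: false, reason: 'WebKit lacks set_sandbox_enabled()' };

    // Must run before the first WebView on this context loads anything:
    // the sandbox applies to web processes spawned after this call.
    context.set_sandbox_enabled(true);

    // Read the setting back so a reviewer's sanity test has something to assert on.
    const on = typeof context.get_sandbox_enabled === 'function'
        ? context.get_sandbox_enabled()
        : true;
    return { sandboxed: on, reason: on ? 'web process sandbox enabled' : 'sandbox not applied' };
}

// Constructed stand-in for WebKit.WebContext so this runs outside GJS.
// In gnome-shell the real call would be: enableWebProcessSandbox(new WebKit.WebContext());
class FakeWebContext {
    constructor({ supportsSandbox }) {
        this._sandboxed = false;
        if (supportsSandbox) {
            this.set_sandbox_enabled = (enabled) => { this._sandboxed = Boolean(enabled); };
            this.get_sandbox_enabled = () => this._sandboxed;
        }
    }
}

// Runs both cases: a modern WebKit with the sandbox API and a legacy one without.
function demo() {
    const modern = enableWebProcessSandbox(new FakeWebContext({ supportsSandbox: true }));
    const legacy = enableWebProcessSandbox(new FakeWebContext({ supportsSandbox: false }));
    return { modern, legacy };
}

console.log(demo());
```

The portal helper should call this once, right after creating its WebContext and before constructing the WebView that will display the captive-portal page; enabling the sandbox after a web process already exists has no effect on that process.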
