GNU bug report logs - #43071
Enable WebKit sandboxing

Previous Next

Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Thu, 27 Aug 2020 13:15:02 UTC

Severity: normal

Tags: patch, security

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#43071: closed (Enable WebKit sandboxing)
Date: Sun, 25 Oct 2020 00:28:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sat, 24 Oct 2020 17:27:08 -0700
with message-id <d0d22eb9-f0f3-27c3-9e12-783c1412ba3a <at> cs.ucla.edu>
and subject line Re: bug#43071: Enable WebKit sandboxing
has caused the debbugs.gnu.org bug report #43071,
regarding Enable WebKit sandboxing
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
43071: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=43071
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Emacs bug reports and feature requests <bug-gnu-emacs <at> gnu.org>
Cc: Robert Pluim <rpluim <at> gmail.com>,
 Jimmy Aguilar Mena <kratsbinovish <at> gmail.com>, Jaesup Kwak <veshboo <at> gmail.com>,
 Qiantan Hong <qhong <at> mit.edu>, Sungbin Jo <pcr910303 <at> icloud.com>
Subject: Enable WebKit sandboxing
Date: Thu, 27 Aug 2020 06:14:37 -0700

[Message part 3 (text/plain, inline)]
Qiantan Hong suggested that Emacs should enable sandboxing in WebKit, for all 
the usual security reasons. (Thanks, Qiantan!)

Attached is a proposed patch to implement that suggestion; it's a bit fancier 
than what Qiantan originally proposed in 
<https://lists.gnu.org/r/emacs-devel/2020-08/msg00896.html> because it checks 
that WebKit 2.26 or later is in use, and it avoids a duplicate call to 
webkit_web_context_get_default. I'm cc'ing this to Qiantan and to other recent 
committers to xwidget.c, to get their opinions.

[0001-Use-WebKit-sandboxing.patch (text/x-patch, attachment)]
[Message part 5 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Stefan Kangas <stefankangas <at> gmail.com>, 43071-done <at> debbugs.gnu.org
Cc: 44204 <at> debbugs.gnu.org, Qiantan Hong <qhong <at> mit.edu>,
 Jaesup Kwak <veshboo <at> gmail.com>, Robert Pluim <rpluim <at> gmail.com>,
 Jimmy Aguilar Mena <kratsbinovish <at> gmail.com>,
 Sungbin Jo <pcr910303 <at> icloud.com>
Subject: Re: bug#43071: Enable WebKit sandboxing
Date: Sat, 24 Oct 2020 17:27:08 -0700

No further comment, so I installed the WebKit sandboxing patch into the emacs-27 
branch on Savannah 
<https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-27&id=71661b287297f328c2c5ad67e180a760f80850cb>. 
After the next merge from emacs-27 to master, this patch should appear in the 
master branch. I am closing Bug#43071.

While testing the fix, I ran into a problem with xwidgets and filed Bug#44204 
"Emacs --with-xwidgets complains under Ubuntu 20.04" which you can see here:

https://bugs.gnu.org/44204

Has anyone had luck running Emacs --with-xwidgets under Ubuntu 20.04 or later? 
I'll cc. this to 44204 <at> debbugs.gnu.org to try to move that part of the 
discussion there.
This bug report was last modified 4 years and 210 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.