[3] WebContent sandbox bypass for local file reads
Severity: High | Component: WebKit WebProcess loader / NetworkProcess resource load parameters | dfe2e0e
Rated High because the observable effect is arbitrary local file reads from the WebContent process via the Networking process — the sandbox extension creation failure was silently ignored, and the Networking process's broader file access is a well-established architectural property of WebKit's multi-process model.
The WebContent process should not start local file loads for files it cannot access. Before this fix, it could, because the Networking process would service the load regardless.
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
- void NetworkResourceLoadParameters::createSandboxExtensionHandlesIfNecessary()
+ bool NetworkResourceLoadParameters::createSandboxExtensionHandlesIfNecessary()
{
...
if (request.url().protocolIsFile()) {
...
if (auto handle = SandboxExtension::createHandle(request.url().fileSystemPath(), SandboxExtension::Type::ReadOnly))
resourceSandboxExtension = WTF::move(*handle);
}
+ return resourceSandboxExtension.has_value();
}
+ return true;
}
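Review bot: the new `bool` return on `createSandboxExtensionHandlesIfNecessary()` is precisely the value that was dropped on the floor before, so mark the declaration `[[nodiscard]]` and confirm every caller other than WebLoaderStrategy checks it; otherwise a second call site can reintroduce the same silent-failure path. The two returns also give `true` both for non-file URLs and for a successfully created extension, so callers cannot tell "no extension needed" from "extension created"; a comment on the function stating that contract (`false` only when a file:// request could not be given an extension) would make the check at the call site self-explanatory.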
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
- loadParameters.createSandboxExtensionHandlesIfNecessary();
+ if (!loadParameters.createSandboxExtensionHandlesIfNecessary()) {
+ RunLoop::mainSingleton().dispatch([resourceLoader = Ref { resourceLoader }, error = blockedError(request)] {
+ resourceLoader->didFail(error);
+ });
+ return;
+ }
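Review bot: after the `return`, the caller sees no load scheduled while `resourceLoader->didFail(error)` is delivered asynchronously on the main run loop; confirm nothing in `scheduleLoadFromNetworkProcess`'s callers expects a load identifier or a synchronous failure here, and that a cancellation arriving between the dispatch and the lambda running is handled by `didFail` rather than leaving the captured `Ref { resourceLoader }` alive longer than intended. It is also worth considering whether `blockedError(request)` is the most diagnosable error for "WebContent itself cannot read this file", as distinct from a content-blocker block, so the failure can be told apart in logs and tests.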
Patch Details
The fix changes createSandboxExtensionHandlesIfNecessary() from void to bool, returning false when the request is a file:// URL and the WebContent process fails to create a sandbox extension handle. In WebLoaderStrategy::scheduleLoadFromNetworkProcess, the return value is now checked — if false, the load is immediately failed with a blockedError before the request reaches the Networking process.
Root cause: missing access-control enforcement at the IPC boundary between the WebContent and Networking processes for local file loads.
Background
WebKit's multi-process architecture splits work between a sandboxed WebContent process (which renders pages) and a Networking process (which handles network and file I/O). The WebContent process has a restrictive sandbox that limits file system access. When the WebContent process needs to load a file:// URL, it must create a SandboxExtension handle — a capability token granting the Networking process permission to read that specific file on the WebContent process's behalf. SandboxExtension::createHandle succeeds only if the calling process itself has access to the file. The Networking process runs with broader file system access than the WebContent process, as it must handle downloads, cookie storage, and cache files across all origins.
Analysis
This is a classic confused-deputy pattern at an IPC boundary. Before the fix, createSandboxExtensionHandlesIfNecessary() returned void. When the WebContent process requested a file:// URL it could not access, SandboxExtension::createHandle would fail and resourceSandboxExtension would remain empty — but the load proceeded anyway, forwarding the request to the Networking process without a sandbox extension. The Networking process, which runs with broader file system access, would then read the file and return its contents to the WebContent process. The access check existed in form (the extension creation was attempted) but its failure was silently ignored.
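To make the confused-deputy path concrete, here is an added C++ model (not WebKit code; the fixture paths, `createHandle`, `networkingServeFile` and the two `scheduleFileLoad*` functions are hypothetical stand-ins) that runs the pre-fix and post-fix scheduling logic against a Networking stub that, as described above, services file loads whether or not an extension arrives.

```cpp
#include <map>
#include <optional>
#include <set>
#include <string>
#include <utility>
// Constructed fixture (illustrative values only): what the WebContent sandbox may
// read, and what the broader-access Networking process can serve.
static const std::set<std::string> kWebContentReadable = {"/tmp/page/index.html"};
static const std::map<std::string, std::string> kNetworkingFiles = {
    {"/tmp/page/index.html", "<html>page</html>"},
    {"/tmp/private/secret.conf", "token=constructed-sample"},  // Networking-only
};
struct SandboxExtensionHandle { std::string path; };

// Models SandboxExtension::createHandle: succeeds only if the caller itself has access.
std::optional<SandboxExtensionHandle> createHandle(const std::string& path) {
    if (kWebContentReadable.count(path))
        return SandboxExtensionHandle{path};
    return std::nullopt;
}

// Networking process stub: as on the pre-fix path, it services the load whether
// or not an extension accompanies the request.
std::optional<std::string> networkingServeFile(const std::string& path,
                                               const std::optional<SandboxExtensionHandle>&) {
    auto it = kNetworkingFiles.find(path);
    if (it == kNetworkingFiles.end()) return std::nullopt;
    return it->second;
}
enum class LoadOutcome { Served, Blocked, NotFound };

// Pre-fix: the extension result is ignored and the request is forwarded regardless.
std::pair<LoadOutcome, std::string> scheduleFileLoadBeforeFix(const std::string& path) {
    std::optional<SandboxExtensionHandle> ext = createHandle(path);  // unchecked
    if (auto body = networkingServeFile(path, ext))
        return {LoadOutcome::Served, *body};
    return {LoadOutcome::NotFound, ""};
}

// Post-fix: a failed extension creation fails the load before any IPC is sent,
// the equivalent of didFail(blockedError(request)) in WebLoaderStrategy.
std::pair<LoadOutcome, std::string> scheduleFileLoadAfterFix(const std::string& path) {
    std::optional<SandboxExtensionHandle> ext = createHandle(path);
    if (!ext) return {LoadOutcome::Blocked, ""};
    if (auto body = networkingServeFile(path, ext))
        return {LoadOutcome::Served, *body};
    return {LoadOutcome::NotFound, ""};
}
```

The pre-fix function returns the Networking-only file's contents to the caller even though `createHandle` failed; the post-fix function blocks the same request before the stub is ever consulted.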