Security: Blob file entries aren't checked against security policy |
|||||||||||||||||
Issue descriptionDuring a refactor we accidentally removed this check: https://codereview.chromium.org/1234813004/diff/1030001/content/browser/fileapi/fileapi_message_filter.cc VULNERABILITY DETAILS Previously we checked if any file item added to a blob was in the security polity for that process. We removed this in refactor. This adds it back. VERSION Chrome Version: 51.0.2695.0 Operating System: all
,
Aug 5 2016
,
Aug 5 2016
,
Aug 9 2016
,
Aug 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f commit a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f Author: dmurph <dmurph@chromium.org> Date: Mon Aug 15 19:16:37 2016 [BlobStorage] Added back security policy for files in blobs BUG= 634557 Review-Url: https://codereview.chromium.org/2214293002 Cr-Commit-Position: refs/heads/master@{#412013} [modify] https://crrev.com/a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f/content/browser/blob_storage/blob_dispatcher_host.cc [modify] https://crrev.com/a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f/content/browser/blob_storage/blob_dispatcher_host.h [modify] https://crrev.com/a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f/content/browser/blob_storage/blob_dispatcher_host_unittest.cc [modify] https://crrev.com/a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f/content/browser/renderer_host/render_process_host_impl.cc
,
Aug 15 2016
,
Aug 15 2016
Since this is a security issue for file reading, we need a merge to beta and stable.
,
Aug 15 2016
[Automated comment] Request affecting a post-stable build (M52), manual review required.
,
Aug 15 2016
Your change meets the bar and is auto-approved for M53 (branch: 2785)
,
Aug 15 2016
Please merge your change by today 5:00 PM PT so we can take it in for this week Beta release. Thank you.
,
Aug 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ba568f7a0d13e8e97bee0d98b860b1f04ea82396 commit ba568f7a0d13e8e97bee0d98b860b1f04ea82396 Author: Daniel Murphy <dmurph@chromium.org> Date: Mon Aug 15 22:23:31 2016 [BlobStorage] Added back security policy for files in blobs BUG= 634557 Review-Url: https://codereview.chromium.org/2214293002 Cr-Commit-Position: refs/heads/master@{#412013} (cherry picked from commit a85b6e5f4d01bf0593612d0552d0c7a1ad7bc87f) Review URL: https://codereview.chromium.org/2245273002 . Cr-Commit-Position: refs/branch-heads/2785@{#612} Cr-Branched-From: 68623971be0cfc492a2cb0427d7f478e7b214c24-refs/heads/master@{#403382} [modify] https://crrev.com/ba568f7a0d13e8e97bee0d98b860b1f04ea82396/content/browser/blob_storage/blob_dispatcher_host.cc [modify] https://crrev.com/ba568f7a0d13e8e97bee0d98b860b1f04ea82396/content/browser/blob_storage/blob_dispatcher_host.h [modify] https://crrev.com/ba568f7a0d13e8e97bee0d98b860b1f04ea82396/content/browser/blob_storage/blob_dispatcher_host_unittest.cc [modify] https://crrev.com/ba568f7a0d13e8e97bee0d98b860b1f04ea82396/content/browser/renderer_host/render_process_host_impl.cc
,
Aug 16 2016
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 17 2016
,
Aug 18 2016
+awhalley as FYI. No more M52 releases planned AFAIK and this is only a security severity medium, so I'm rejecting the merge; holler if you have any concerns.
,
Aug 26 2016
,
Sep 14 2016
,
Nov 22 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 25 2018
,
Jun 15 2018
,
Jun 15 2018
|
|||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||
Comment 1 by raymes@chromium.org
, Aug 5 2016Labels: Security_Severity-Medium Security_Impact-Stable