WebKitGTK provides single and multi-process models for applications to use. As a measure to mitigate Spectre-type attacks, the WebKit project has been working on a new feature for the multi-process model (Process Swap On Navigation, PSON) that will create a different process for each web view and switch to a different one upon cross-site navigation.

The old single-process model is now considered a security risk, and the existing process limiting APIs have been completely disabled. Due to the major internal changes that were required for PSON it is not possible to enable those APIs again.

For testing and debugging purposes it is however still possible to force the single-process model. The way to do it is by setting the WEBKIT_USE_SINGLE_WEB_PROCESS=1 environment variable early in the application code.

Most WebKitGTK applications already work in both modes, but there are cases that have some issues when running in multi-process mode and need to be patched to work correctly with WebKitGTK 2.26. Potentially affected applications are the ones that:

- use the web process extensions API, and
- never set the multi-process model, and
- use more than one web view of the same web context that are unrelated (see [1]), and
- use the page id to identify the web extension process

We have checked which applications meet all these requirements, and we have found only two:

- Evolution: it has already been fixed in master and 3.34 branch by properly implementing the multi-process model. Previous versions are affected [2] and need to be patched.
- Geary: it is not actually broken, but the memory consumption might be too high when displaying long conversations. This is because Geary uses a different web view for every message in the same conversation. They plan to switch to using related views, but for now the environment variable approach has been used upstream.
We propose two solutions for being able to use WebKitGTK 2.26 without having to switch to the most recent versions of the affected apps:

- The first one is to patch those apps so they set the aforementioned environment variable.
- The second one, perhaps simpler for LTS distributions, is to patch WebKitGTK so it detects whether the running app is one of the affected ones and sets the single-process model automatically. We are providing a patch that does exactly that (see the attached file).

We would like to apologize for the inconvenience, and we are available through our usual contact channels for help and answering any questions (see https://webkitgtk.org for more information).

Best regards,

Alberto Garcia on behalf of the WebKitGTK team

[1] https://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebView.html#WebKitWebView--related-view
[2] https://bugs.webkit.org/show_bug.cgi?id=201033
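The following is an added illustration of the second approach (it is not the attached webkitgtk.diff and not WebKitGTK code): a C decision routine that forces WEBKIT_USE_SINGLE_WEB_PROCESS=1 only when the running program is one of the affected ones, and never overrides a value the user or the application already set. The program-name list and the "explicit value wins" rule are assumptions made here for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Programs the announcement lists as affected; Evolution >= 3.34 is fixed
 * upstream, so a real patch would also need a version check (assumed). */
static const char *const affected_programs[] = { "evolution", "geary", NULL };

/* "/usr/bin/geary" -> "geary" */
static const char *program_basename(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Decide whether to force WEBKIT_USE_SINGLE_WEB_PROCESS=1. `existing` is
 * the variable's current value (NULL when unset); an explicit value always
 * wins, so the workaround never overrides a deliberate choice. */
int should_force_single_process(const char *argv0, const char *existing)
{
    if (existing != NULL)
        return 0;
    const char *name = program_basename(argv0);
    for (const char *const *p = affected_programs; *p != NULL; ++p)
        if (strcmp(name, *p) == 0)
            return 1;
    return 0;
}

/* Must run early, before any web view or WebKitWebContext is created, as
 * the announcement requires for the environment variable to take effect. */
void apply_single_process_workaround(const char *argv0)
{
    const char *existing = getenv("WEBKIT_USE_SINGLE_WEB_PROCESS");
    if (should_force_single_process(argv0, existing)) {
        setenv("WEBKIT_USE_SINGLE_WEB_PROCESS", "1", 0);
        fprintf(stderr, "%s: forcing the WebKitGTK single-process model\n",
                program_basename(argv0));
    }
}

int main(int argc, char **argv)
{
    apply_single_process_workaround(argc > 0 ? argv[0] : "");
    /* gtk_init() and the WebKitGTK setup would follow here. */
    return 0;
}
```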
Attachment:
webkitgtk.diff