Deno/deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-21 20:38:55 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

fix(permissions): say to use --allow-run instead of --allow-all (#26842)

Browse Source 
For https://github.com/denoland/deno/issues/26839
This commit is contained in:
David Sherret 2024-11-12 17:14:19 -05:00 committed by GitHub
parent 01f3451869
commit 119910f339
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
runtime/ops/process.rs
View File

@ -756,14 +756,17 @@ fn check_run_permission(
if !env_var_names.is_empty() {
// we don't allow users to launch subprocesses with any LD_ or DYLD_*
// env vars set because this allows executing code (ex. LD_PRELOAD)
return Err(CheckRunPermissionError::Other(deno_core::error::custom_error(
"NotCapable",
format!(
"Requires --allow-all permissions to spawn subprocess with {} environment variable{}.",
env_var_names.join(", "),
if env_var_names.len() != 1 { "s" } else { "" }
)
)));
return Err(CheckRunPermissionError::Other(
deno_core::error::custom_error(
"NotCapable",
format!(
"Requires --allow-run permissions to spawn subprocess with {0} environment variable{1}. Alternatively, spawn with {2} environment variable{1} unset.",
env_var_names.join(", "),
if env_var_names.len() != 1 { "s" } else { "" },
if env_var_names.len() != 1 { "these" } else { "the" }
),
),
));
}
permissions.check_run(cmd, api_name)?;
}

4
tests/specs/run/ld_preload/env_arg.out
View File

@ -1,8 +1,8 @@
NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable.
NotCapable: Requires --allow-run permissions to spawn subprocess with LD_PRELOAD environment variable. Alternatively, spawn with the environment variable unset.
[WILDCARD]
name: "NotCapable"
}
NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable.
NotCapable: Requires --allow-run permissions to spawn subprocess with LD_PRELOAD environment variable. Alternatively, spawn with the environment variable unset.
[WILDCARD]
name: "NotCapable"
}

4
tests/specs/run/ld_preload/env_arg.ts
View File

@ -1,5 +1,5 @@
try {
new Deno.Command("echo", {
new Deno.Command("curl", {
env: {
"LD_PRELOAD": "./libpreload.so",
},
@ -10,7 +10,7 @@ try {
try {
Deno.run({
cmd: ["echo"],
cmd: ["curl"],
env: {
"LD_PRELOAD": "./libpreload.so",
},

4
tests/specs/run/ld_preload/set_with_allow_env.out
View File

@ -1,8 +1,8 @@
NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable.
NotCapable: Requires --allow-run permissions to spawn subprocess with LD_PRELOAD environment variable. Alternatively, spawn with the environment variable unset.
[WILDCARD]
name: "NotCapable"
}
NotCapable: Requires --allow-all permissions to spawn subprocess with DYLD_FALLBACK_LIBRARY_PATH, LD_PRELOAD environment variables.
NotCapable: Requires --allow-run permissions to spawn subprocess with DYLD_FALLBACK_LIBRARY_PATH, LD_PRELOAD environment variables. Alternatively, spawn with these environment variables unset.
[WILDCARD]
name: "NotCapable"
}