foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-21 15:04:11 -05:00
Code Issues Packages 1 Wiki Activity

fix(permissions): say to use --allow-run instead of --allow-all (#26842)

Browse source 
For https://github.com/denoland/deno/issues/26839
This commit is contained in:
David Sherret 2024-11-12 17:14:19 -05:00 committed by GitHub
parent 01f3451869
commit 119910f339
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 17 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
runtime/ops/process.rs
View file

@ -756,14 +756,17 @@ fn check_run_permission(
if !env_var_names.is_empty() { if !env_var_names.is_empty() {
// we don't allow users to launch subprocesses with any LD_ or DYLD_* // we don't allow users to launch subprocesses with any LD_ or DYLD_*
// env vars set because this allows executing code (ex. LD_PRELOAD) // env vars set because this allows executing code (ex. LD_PRELOAD)
return Err(CheckRunPermissionError::Other(deno_core::error::custom_error( return Err(CheckRunPermissionError::Other(
deno_core::error::custom_error(
"NotCapable", "NotCapable",
format!( format!(
"Requires --allow-all permissions to spawn subprocess with {} environment variable{}.", "Requires --allow-run permissions to spawn subprocess with {0} environment variable{1}. Alternatively, spawn with {2} environment variable{1} unset.",
env_var_names.join(", "), env_var_names.join(", "),
if env_var_names.len() != 1 { "s" } else { "" } if env_var_names.len() != 1 { "s" } else { "" },
) if env_var_names.len() != 1 { "these" } else { "the" }
))); ),
),
));
} }
permissions.check_run(cmd, api_name)?; permissions.check_run(cmd, api_name)?;
} }

4
tests/specs/run/ld_preload/env_arg.out
View file

@ -1,8 +1,8 @@
NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable. NotCapable: Requires --allow-run permissions to spawn subprocess with LD_PRELOAD environment variable. Alternatively, spawn with the environment variable unset.
[WILDCARD] [WILDCARD]
name: "NotCapable" name: "NotCapable"
} }
NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable. NotCapable: Requires --allow-run permissions to spawn subprocess with LD_PRELOAD environment variable. Alternatively, spawn with the environment variable unset.
[WILDCARD] [WILDCARD]
name: "NotCapable" name: "NotCapable"
} }

4
tests/specs/run/ld_preload/env_arg.ts
View file

@ -1,5 +1,5 @@
try { try {
new Deno.Command("echo", { new Deno.Command("curl", {
env: { env: {
"LD_PRELOAD": "./libpreload.so", "LD_PRELOAD": "./libpreload.so",
}, },
@ -10,7 +10,7 @@ try {
try { try {
Deno.run({ Deno.run({
cmd: ["echo"], cmd: ["curl"],
env: { env: {
"LD_PRELOAD": "./libpreload.so", "LD_PRELOAD": "./libpreload.so",
}, },

4
tests/specs/run/ld_preload/set_with_allow_env.out
View file

@ -1,8 +1,8 @@
NotCapable: Requires --allow-all permissions to spawn subprocess with LD_PRELOAD environment variable. NotCapable: Requires --allow-run permissions to spawn subprocess with LD_PRELOAD environment variable. Alternatively, spawn with the environment variable unset.
[WILDCARD] [WILDCARD]
name: "NotCapable" name: "NotCapable"
} }
NotCapable: Requires --allow-all permissions to spawn subprocess with DYLD_FALLBACK_LIBRARY_PATH, LD_PRELOAD environment variables. NotCapable: Requires --allow-run permissions to spawn subprocess with DYLD_FALLBACK_LIBRARY_PATH, LD_PRELOAD environment variables. Alternatively, spawn with these environment variables unset.
[WILDCARD] [WILDCARD]
name: "NotCapable" name: "NotCapable"
} }