mirror of
https://github.com/denoland/deno.git
synced 2024-12-22 07:14:47 -05:00
fix(runtime): allow r/w access to /etc without --allow-all (#23718)
This is not a special path that can be used to escalate or bypass Deno permissions, such as `--allow-env`.
This commit is contained in:
parent
e7a2317f5a
commit
f3cc760f2f
2 changed files with 1 additions and 10 deletions
|
@ -1691,19 +1691,10 @@ impl PermissionsContainer {
|
|||
self.check_was_allow_all_flag_passed().map_err(error_all)?;
|
||||
}
|
||||
}
|
||||
if path.starts_with("/etc") {
|
||||
self.check_was_allow_all_flag_passed().map_err(error_all)?;
|
||||
}
|
||||
} else if cfg!(unix) {
|
||||
if path.starts_with("/dev") {
|
||||
self.check_was_allow_all_flag_passed().map_err(error_all)?;
|
||||
}
|
||||
if path.starts_with("/etc") {
|
||||
self.check_was_allow_all_flag_passed().map_err(error_all)?;
|
||||
}
|
||||
if path.starts_with("/private/etc") {
|
||||
self.check_was_allow_all_flag_passed().map_err(error_all)?;
|
||||
}
|
||||
} else if cfg!(target_os = "windows") {
|
||||
fn is_normalized_windows_drive_path(path: &Path) -> bool {
|
||||
let s = path.as_os_str().as_encoded_bytes();
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
const testCases = [
|
||||
// Allowed, safe
|
||||
[["darwin", "linux"], null, "/dev/null"],
|
||||
[["darwin", "linux"], null, "/etc/passwd"],
|
||||
// Denied, requires `--allow-all`
|
||||
[["darwin", "linux"], /PermissionDenied/, "/etc/hosts"],
|
||||
[["darwin", "linux"], /PermissionDenied/, "/dev/ptmx"],
|
||||
[["linux"], /PermissionDenied/, "/proc/self/environ"],
|
||||
[["linux"], /PermissionDenied/, "/proc/self/mem"],
|
||||
|
|
Loading…
Reference in a new issue