denoland-deno

foster/denoland-deno

Fork 0

mirror of https://github.com/denoland/deno.git synced 2024-11-22 15:06:54 -05:00

Commit graph

Author	SHA1	Message	Date
David Sherret	62e952559f	refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508 ) This makes the permission system more versatile.	2024-09-16 21:39:37 +01:00
David Sherret	74fc66da11	fix: lock down allow-run permissions more (#25370 ) `--allow-run` even with an allow list has essentially been `--allow-all`... this locks it down more. 1. Resolves allow list for `--allow-run=` on startup to an absolute path, then uses these paths when evaluating if a command can execute. Also, adds these paths to `--deny-write` 1. Resolves the environment (cwd and env vars) before evaluating permissions and before executing a command. Then uses this environment to evaluate the permissions and then evaluate the command.	2024-09-04 14:51:24 +02:00

Author

SHA1

Message

Date

David Sherret

62e952559f

refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508 )

This makes the permission system more versatile.

2024-09-16 21:39:37 +01:00

David Sherret

74fc66da11

fix: lock down allow-run permissions more (#25370 )

`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.

2024-09-04 14:51:24 +02:00

2 commits