foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-22 15:06:54 -05:00
Code Issues Packages 1 Wiki Activity
12670 commits 128 branches 353 tags 300 MiB
Commit graph

5 commits

Author SHA1 Message Date
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508) 
This makes the permission system more versatile.
 2024-09-16 21:39:37 +01:00
Luca Casonato
7bfcb4dd10
feat(cli): use NotCapable error for permission errors (#25431) 
Closes #7394

---------

Co-authored-by: snek <snek@deno.com>
 2024-09-10 11:12:24 -07:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370) 
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
 2024-09-04 14:51:24 +02:00
David Sherret
c6793f52b9
fix(permissions): disallow any LD_ or DYLD_ prefixed env var without full --allow-run permissions (#25271) 
Follow up to https://github.com/denoland/deno/pull/25221

I looked into what the list was and it was quite extensive, so I think
as suggested in
https://github.com/denoland/deno/issues/11964#issuecomment-2314585135 we
should disallow this for any `LD_` prefixed env var.
 2024-08-28 21:11:37 -04:00
David Sherret
1a6fd38f2f
fix(permissions): disallow launching subprocess with LD_PRELOAD env var without full run permissions (#25221) 
Ref https://github.com/denoland/deno/pull/25215

Closes https://github.com/denoland/deno/issues/11964
 2024-08-27 22:03:09 -04:00