mirror of
https://github.com/denoland/deno.git
synced 2024-11-22 15:06:54 -05:00
00970daea2
Harden the code that does permission checks to protect against re-opening of stdin. Code that runs FFI is vulnerable to an attack where fd 0 is closed during a permission check and re-opened with a file that contains a positive response (ie: `y` or `A`). While FFI code is dangerous in general, we can make it more difficult for FFI-enabled code to bypass additional permission checks. - Checks to see if the underlying file for stdin has changed from the start to the end of the permission check (detects races) - Checks to see if the message is excessively long (lowering the window for races) - Checks to see if stdin and stderr are still terminals at the end of the function (making races more difficult) |
||
|---|---|---|
| .. | ||
| integration | ||
| node_compat | ||
| testdata | ||
| unit | ||
| unit_node | ||
| integration_tests.rs | ||