denoland-deno

mirror of https://github.com/denoland/deno.git synced 2024-11-21 15:04:11 -05:00

History

Matt Mastracci 00970daea2 fix(cli): harden permission stdio check (#21778 ) Harden the code that does permission checks to protect against re-opening of stdin. Code that runs FFI is vulnerable to an attack where fd 0 is closed during a permission check and re-opened with a file that contains a positive response (ie: `y` or `A`). While FFI code is dangerous in general, we can make it more difficult for FFI-enabled code to bypass additional permission checks. - Checks to see if the underlying file for stdin has changed from the start to the end of the permission check (detects races) - Checks to see if the message is excessively long (lowering the window for races) - Checks to see if stdin and stderr are still terminals at the end of the function (making races more difficult)	2024-01-04 00:31:39 +01:00
..
mod.rs	chore: update copyright to 2024 (#21753 )	2024-01-01 19:58:21 +00:00
prompter.rs	fix(cli): harden permission stdio check (#21778 )	2024-01-04 00:31:39 +01:00

fix(cli): harden permission stdio check (#21778 )

Harden the code that does permission checks to protect against
re-opening of stdin.

Code that runs FFI is vulnerable to an attack where fd 0 is closed
during a permission check and re-opened with a file that contains a
positive response (ie: `y` or `A`). While FFI code is dangerous in
general, we can make it more difficult for FFI-enabled code to bypass
additional permission checks.

- Checks to see if the underlying file for stdin has changed from the
start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window
for races)
- Checks to see if stdin and stderr are still terminals at the end of
the function (making races more difficult)

2024-01-04 00:31:39 +01:00

mod.rs

chore: update copyright to 2024 (#21753 )

2024-01-01 19:58:21 +00:00

prompter.rs

fix(cli): harden permission stdio check (#21778 )

2024-01-04 00:31:39 +01:00