mirror of
https://github.com/denoland/deno.git
synced 2024-12-28 10:09:20 -05:00
00970daea2
Harden the code that does permission checks to protect against re-opening of stdin. Code that runs FFI is vulnerable to an attack where fd 0 is closed during a permission check and re-opened with a file that contains a positive response (ie: `y` or `A`). While FFI code is dangerous in general, we can make it more difficult for FFI-enabled code to bypass additional permission checks. - Checks to see if the underlying file for stdin has changed from the start to the end of the permission check (detects races) - Checks to see if the message is excessively long (lowering the window for races) - Checks to see if stdin and stderr are still terminals at the end of the function (making races more difficult)
1 line
28 B
TypeScript
1 line
28 B
TypeScript
Deno.open("a".repeat(1e5));
|