mirror of
https://github.com/denoland/deno.git
synced 2024-12-01 16:51:13 -05:00
5d7ebea99f
Harden the code that does permission checks to protect against re-opening of stdin. Code that runs FFI is vulnerable to an attack where fd 0 is closed during a permission check and re-opened with a file that contains a positive response (ie: `y` or `A`). While FFI code is dangerous in general, we can make it more difficult for FFI-enabled code to bypass additional permission checks. - Checks to see if the underlying file for stdin has changed from the start to the end of the permission check (detects races) - Checks to see if the message is excessively long (lowering the window for races) - Checks to see if stdin and stderr are still terminals at the end of the function (making races more difficult) |
||
---|---|---|
.. | ||
integration | ||
node_compat | ||
testdata | ||
unit | ||
unit_node | ||
integration_tests.rs |