mirror of https://github.com/denoland/deno.git synced 2024-12-01 16:51:13 -05:00
denoland-deno/cli/tests
Matt Mastracci 5d7ebea99f
fix(cli): harden permission stdio check (#21778)
Harden the code that does permission checks to protect against
re-opening of stdin.

Code that runs FFI is vulnerable to an attack where fd 0 is closed
during a permission check and re-opened with a file that contains a
positive response (i.e., `y` or `A`). While FFI code is dangerous in
general, we can make it more difficult for FFI-enabled code to bypass
additional permission checks.

- Checks to see if the underlying file for stdin has changed from the
start to the end of the permission check (detects races)
- Checks to see if the message is excessively long (lowering the window
for races)
- Checks to see if stdin and stderr are still terminals at the end of
the function (making races more difficult)
2024-01-04 20:34:54 +01:00
integration fix(cli): harden permission stdio check (#21778) 2024-01-04 20:34:54 +01:00
node_compat chore: update copyright to 2024 (#21753) 2024-01-04 20:34:51 +01:00
testdata fix(cli): harden permission stdio check (#21778) 2024-01-04 20:34:54 +01:00
unit fix(cli): make signals tests more reliable (#21772) 2024-01-04 20:34:54 +01:00
unit_node fix(node/zlib): accept dataview and buffer in zlib bindings (#21756) 2024-01-04 20:34:54 +01:00
integration_tests.rs chore: update copyright to 2024 (#21753) 2024-01-04 20:34:51 +01:00