mirror of
https://github.com/denoland/deno.git
synced 2024-11-28 16:20:57 -05:00
74fc66da11
`--allow-run` even with an allow list has essentially been `--allow-all`... this locks it down more. 1. Resolves allow list for `--allow-run=` on startup to an absolute path, then uses these paths when evaluating if a command can execute. Also, adds these paths to `--deny-write` 1. Resolves the environment (cwd and env vars) before evaluating permissions and before executing a command. Then uses this environment to evaluate the permissions and then evaluate the command. |
||
---|---|---|
.. | ||
path_not_permitted | ||
proc_self_fd | ||
special | ||
write_allow_binary |