permission: propagate permission model flags on spawn #58853
Conversation
|
Review requested:
|
nodejs-github-bot
added
child_process
|
Since |
RafaelGSS
added
the
semver-minor
RafaelGSS
force-pushed
the
inherit-pm-to-child-process
branch
from
a397ace to
ecf6a03
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #58853 +/- ##
==========================================
- Coverage 90.11% 90.07% -0.04%
==========================================
Files 640 640
Lines 188363 188485 +122
Branches 36931 36965 +34
==========================================
+ Hits 169739 169784 +45
- Misses 11341 11390 +49
- Partials 7283 7311 +28
🚀 New features to boost your workflow:
|
RafaelGSS
added
request-ci
|
The
notable-change
Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section. |
|
Adding notable-change label as it will impact current users of |
github-actions
bot
removed
the
request-ci
RafaelGSS
force-pushed
the
inherit-pm-to-child-process
branch
from
ecf6a03 to
29b915a
Compare
|
|
||
| function copyPermissionModelFlagsToEnv(env, key, args) { | ||
| // Do not override if permission was already passed to file | ||
| if (args.includes('--permission') || (env[key] && env[key].indexOf('--permission') !== -1)) { |
There was a problem hiding this comment.
You can simplify this expression a bit with...
env?.[key]?.indexOf(...)There was a problem hiding this comment.
How? We need to compare the result with !== -1 and also handle the case when the key is undefined. Leaving it as env?.[key]?.indexOf('--permission') might return 0, which is truthy in this case, so I don't see how using env?.[key]?.indexOf(...) would simplify this.
There was a problem hiding this comment.
I think it's possible with the dark arts:
if (!~env?.[key]?.indexOf('--permission'))if (!~undefined) // no match
if (!~-1) // match
if (!~0) // no match
if (!~1) // no matchNot saying you should do this, but you can.
There was a problem hiding this comment.
I don't think you are correct
!~({'foo': '--permission'})?.['foo'].indexOf('--permission') // false
!~({'foo': '--permission'})?.['foo2']?.indexOf('--permission') // false
({'foo': '--permission'})?.['foo'].indexOf('--permission') // 0
There was a problem hiding this comment.
the problem is ~undefined returns -1 which is truthy (just like when it is being found), so ~ doesnt work well in this case. I had the same thought
Previously, only child_process.fork propagated the exec arguments (execvArgs) to the child process. This commit adds support for spawn and spawnSync to propagate permission model flags — except when they are already provided explicitly via arguments or through NODE_OPTIONS. Signed-off-by: RafaelGSS <[email protected]>
RafaelGSS
force-pushed
the
inherit-pm-to-child-process
branch
from
29b915a to
1f5354a
Compare
|
PTAL @nodejs/security-wg |
RafaelGSS
added
the
author ready
| '--allow-fs-read', | ||
| '--allow-fs-write', | ||
| '--allow-addons', | ||
| '--allow-child-process', | ||
| '--allow-net', | ||
| '--allow-wasi', | ||
| '--allow-worker', |
There was a problem hiding this comment.
nit: If sequence doesn't matter, I think it would be better (grokability) to alphabetise them.
| for (const arg of process.execArgv) { | ||
| for (const flag of flagsToCopy) { | ||
| if (arg.startsWith(flag)) { | ||
| env[key] = `${env[key] ? env[key] + ' ' + arg : arg}`; |
There was a problem hiding this comment.
Is this a safe operation? I mean, if I do something like node --permission --allow-fs-read="/tmp" --allow-fs-write=a\ --allow-fs-read="/home" -e 'console.log(process.execArgv)'
There was a problem hiding this comment.
Yes. That works as expected. See:
const { spawnSync } = require('node:child_process')
const out = spawnSync(process.execPath, ['-p', '1 + 1'], { env: {
'NODE_DEBUG_NATIVE': 'PERMISSION_MODEL'
} })
console.log(out.status)
console.log(out.stdout.toString())0
Inserting /tmp/*
Inserting /home/*
Inserting /Users/rafaelgss/repos/os/node/a
In any case, escaping characters is the user's responsibility, so I wouldn't worry much about it.
There was a problem hiding this comment.
Hm... I thought "\ " was not allowed, but it seems it is.
RafaelGSS
added
the
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in 8173d9d |
Previously, only child_process.fork propagated the exec arguments (execvArgs) to the child process. This commit adds support for spawn and spawnSync to propagate permission model flags — except when they are already provided explicitly via arguments or through NODE_OPTIONS. Signed-off-by: RafaelGSS <[email protected]> PR-URL: #58853 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Ulises Gascón <[email protected]>
Notable changes: crypto: * (SEMVER-MINOR) support outputLength option in crypto.hash for XOF functions (Aditi) #58121 doc: * (SEMVER-MINOR) add all watch-mode related flags to node.1 (Dario Piotrowicz) #58719 fs: * (SEMVER-MINOR) add disposable mkdtempSync (Kevin Gibbons) #58516 permission: * (SEMVER-MINOR) propagate permission model flags on spawn (Rafael Gonzaga) #58853 sqlite: * (SEMVER-MINOR) add support for readBigInts option in db connection level (Miguel Marcondes Filho) #58697 src,permission: * (SEMVER-MINOR) add support to permission.has(addon) (Rafael Gonzaga) #58951 watch: * (SEMVER-MINOR) add `--watch-kill-signal` flag (Dario Piotrowicz) #58719 PR-URL: #58993
Notable changes: crypto: * (SEMVER-MINOR) support outputLength option in crypto.hash for XOF functions (Aditi) #58121 doc: * (SEMVER-MINOR) add all watch-mode related flags to node.1 (Dario Piotrowicz) #58719 fs: * (SEMVER-MINOR) add disposable mkdtempSync (Kevin Gibbons) #58516 permission: * (SEMVER-MINOR) propagate permission model flags on spawn (Rafael Gonzaga) #58853 sqlite: * (SEMVER-MINOR) add support for readBigInts option in db connection level (Miguel Marcondes Filho) #58697 src,permission: * (SEMVER-MINOR) add support to permission.has(addon) (Rafael Gonzaga) #58951 watch: * (SEMVER-MINOR) add `--watch-kill-signal` flag (Dario Piotrowicz) #58719 PR-URL: #58993
Previously, only child_process.fork propagated the exec arguments (execvArgs) to the child process.
This commit adds support for spawn and spawnSync to propagate permission model flags — except when they are already provided explicitly via arguments or through NODE_OPTIONS.