Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

policy: ensure workers do not read fs for policy #25710

Closed
wants to merge 1 commit into from

Conversation

bmeck
Copy link
Member

@bmeck bmeck commented Jan 25, 2019

This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

This prevents a main file of:

// find the file
const policyPath = findPath(process.execArgv);

// rewrite with out new escalated privileges
fs.writeFileSync(policyPath, modifiedPolicy);

// spawn worker to get the modified policy
new Worker(...);
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.
@nodejs-github-bot nodejs-github-bot added process Issues and PRs related to the process subsystem. worker Issues and PRs related to Worker support. labels Jan 25, 2019
@bmeck bmeck requested review from addaleax and joyeecheung January 25, 2019 18:30
@joyeecheung
Copy link
Member

@addaleax
Copy link
Member

@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 28, 2019
@danbev
Copy link
Contributor

danbev commented Jan 29, 2019

Landed in 7898238.

@danbev danbev closed this Jan 29, 2019
targos pushed a commit that referenced this pull request Jan 29, 2019
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

PR-URL: #25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
@targos targos mentioned this pull request Jan 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. process Issues and PRs related to the process subsystem. worker Issues and PRs related to Worker support.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants