Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to find out what path a program is trying to read? (Deno requests read access to <exec_path>) #19864

Closed
josephrocca opened this issue Jul 18, 2023 · 7 comments
Closed

How to find out what path a program is trying to read? (Deno requests read access to <exec_path>) #19864

josephrocca opened this issue Jul 18, 2023 · 7 comments

Comments

@josephrocca
Copy link
Contributor

I'm trying to use npm:rollbar and I'm running with --allow-read=. (amongst other permissions) but it's trying to read a file outside the current directory, and so it's giving me this:

┌ ⚠️  Deno requests read access to <exec_path>.
├ Requested by `Deno.execPath()` API.
├ Run again with --allow-read to bypass this prompt.
└ Allow? [y/n/A] (y = yes, allow; n = no, deny; A = allow all read permissions)

I'd like to know what file it's trying to read. That might help me report this to the Rollbar devs in case this read isn't really necessary, or they're doing something in a weird way. And ideally in the meantime I could allow access to just that specific path, rather than passing --allow-read, which is dangerous.

Using latest Deno version on Ubuntu 22.04.
@josephrocca josephrocca mentioned this issue Jul 18, 2023
Closed
@sigmaSd
Copy link
Contributor

sigmaSd commented Jul 18, 2023

It's trying to read deno location
you can use console.log(Deno.execPath()) to see the location of deno, and then you can pass that to the cli flags

@josephrocca
Copy link
Contributor Author

Hmm, that seems a bit brittle - I'd have to change cli flags depending on the deployment machine?

Also wondering why it might be asking for this. If it's for some reason a common thing, and there is good reason to need it, then presumably there should be a flag to allow it, for the above-mentioned reason?

@0f-0b
Copy link
Contributor

0f-0b commented Jul 18, 2023

Also wondering why it might be asking for this.

It is probably attempting to read process.argv. By replacing process.argv with a mock object that calls console.trace, it turns out that Rollbar.js attaches this information to the server.argv parameter of a log message.

import process from "node:process";

process.argv = Object.defineProperties([], {
  0: {
    get() {
      console.trace("get process.argv[0]");
      return "/usr/local/bin/deno";
    },
  },
  1: {
    get() {
      console.trace("get process.argv[1]");
      return "/app/main.js";
    },
  },
});

@josephrocca
Copy link
Contributor Author

@0f-0b Thank you!! I'll close this since it's not a problem with Deno. I've made a rollbar issue for this here: rollbar/rollbar.js#1113

@sigmaSd
Copy link
Contributor

sigmaSd commented Jul 18, 2023

This is not a rollbar.js problem, this is just how deno polyfills node process argv

deno/ext/node/polyfills/process.ts

Line 715 in 7e1218c

return Deno.execPath();
, any npm package that needs argv will require the same permission

@josephrocca
Copy link
Contributor Author

@sigmaSd So I guess the best approach (to limit permissions appropriately) here is something like this?

--allow-read=$(which deno)

@sigmaSd
Copy link
Contributor

sigmaSd commented Jul 19, 2023

Yes, I have opened an issue before for an idea to improve this #16766

@alexgleason alexgleason mentioned this issue Aug 4, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@josephrocca @0f-0b @sigmaSd