Use minimum system permissions necessary #261
Comments
It's not so easy, for several reasons:
I'd like to simplify this in the near future, when this proposal is implemented: denoland/deno#12763 so you can configure the permissions in the Deno config file.
Point taken. Then the minimum permissions for most projects would be
After reading this issue, I can't help but feel the current behavior is a big mistake. If my understanding is correct, the lack of support for import maps in And to preempt, I don't think this is bikeshedding. Given that Lume is plugin-based, it's plausible that there will be a long tail of unaudited, untrusted plugins. Why should plugins have exec permissions?
Potential (temporary) solution
I haven't thought about this too much... but this came across my mind as a potential solution. This way, only one line of code runs with global permissions, then the
{
  "importMap": "import_map.json",
  "tasks": {
    "lume": "deno run --allow-read=./ --allow-write=./ --allow-net=localhost $(deno eval \"console.log(JSON.parse(Deno.readTextFileSync('import_map.json')).imports['lume/'])\")task.ts",
    "build": "deno task lume",
    "serve": "deno task lume -s"
  }
}
Of course this would also require changes to
The use cases are so variable that this is the reason I've decided to run
Restricting the permissions right now can break many sites. I think it's better to let the users configure the permissions once the Deno team implements permission configuration in the deno.json file. In Lume 2.0 I'm planning to remove these wrapper files and depend only on deno.json that will be mandatory (unlike now, when both deno.json and import_map.json files are optional). If you're concerned about that, the correct way to apply permissions is by running the
{
  "importMap": "import_map.json",
  "tasks": {
    "lume": "deno run --unstable --allow-read=./ --allow-write=./ --allow-net=localhost https://lume.land/x/lume@1.11.4/cli.ts",
    "build": "deno task lume",
    "serve": "deno task lume -s"
  }
}
This conversation makes me think that a Permissions section in the documentation website would be really useful for users that want to restrict these permissions.
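An added example, not part of the thread or of Lume's code: a small check that lists over-broad permission flags in the tasks of a deno.json like the ones posted above. The function names and the sample tasks are illustrative assumptions; it is plain JavaScript with no Deno-specific APIs.

```javascript
// Added example: audit deno.json "tasks" for over-broad Deno permission flags.
// Assumes flags use the --flag=value form and precede the script, as on this page.
const SCOPABLE = ["read", "write", "net", "env", "run", "ffi", "sys"];

// True when a --allow-read/--allow-write path escapes the project directory.
function leavesProject(path) {
  return path.startsWith("/") || path.startsWith("~") ||
    path.split("/").includes("..");
}

// Findings for a single task command line.
function auditCommand(command) {
  const tokens = command.trim().split(/\s+/);
  // Only "deno run ..." carries permission flags; "deno task ..." delegates.
  if (tokens[0] !== "deno" || tokens[1] !== "run") return [];
  const findings = [];
  for (const token of tokens.slice(2)) {
    if (!token.startsWith("-")) break; // reached the script to run
    if (token === "-A" || token === "--allow-all") {
      findings.push({ flag: token, reason: "grants every permission" });
      continue;
    }
    const match = /^--allow-([a-z]+)(?:=(.*))?$/.exec(token);
    if (!match || !SCOPABLE.includes(match[1])) continue;
    const [, kind, scope] = match;
    if (!scope) {
      findings.push({ flag: token, reason: `unscoped ${kind} access` });
    } else if (kind === "read" || kind === "write") {
      const outside = scope.split(",").filter(leavesProject).join(",");
      if (outside) findings.push({ flag: token, reason: `${kind} outside project: ${outside}` });
    }
  }
  return findings;
}

// Audit every task of a parsed deno.json object.
function auditTasks(config) {
  return Object.entries(config.tasks ?? {}).flatMap(([task, command]) =>
    auditCommand(command).map((finding) => ({ task, ...finding }))
  );
}

// Constructed sample; the "scoped" task is the command from the issue text.
const SAMPLE = { tasks: {
  dev: "deno run -A lume/task.ts",
  scoped: "deno run --allow-net=localhost:3000 --allow-read=./ --allow-write=./_site lume/task.ts",
  build: "deno task lume",
  loose: "deno run --allow-read=/ --allow-net --allow-write=./_site lume/task.ts",
} };
```

Calling `auditTasks` on the parsed contents of a project's deno.json returns one entry per flagged flag, so an empty array means every `deno run` task is scoped to the project.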
This sounds like a great idea! It will also be useful for raising awareness of permissions considerations among users who wouldn't otherwise be thinking about it. I don't think I know enough about Deno's permissions API or Lume's requirements to write this myself, but I'd be very happy to help with writing this documentation if anyone feels like collaborating on it.
Permissions are explained here: https://lume.land/docs/advanced/permissions/
I noticed that the default dev script invokes itself with full permissions over the entire system. Ideally, Lume should function fine if invoked with the following minimum permissions.
$ deno run --allow-net=localhost:3000 --allow-read=./ --allow-write=./_site lume/task.ts