New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

policy: ensure workers do not read fs for policy #25710

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
5 participants
@bmeck
Copy link
Member

bmeck commented Jan 25, 2019

This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

This prevents a main file of:

// find the file
const policyPath = findPath(process.execArgv);

// rewrite with out new escalated privileges
fs.writeFileSync(policyPath, modifiedPolicy);

// spawn worker to get the modified policy
new Worker(...);
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
policy: ensure workers do not read fs for policy
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.
@joyeecheung

This comment has been minimized.

@addaleax

This comment has been minimized.

Copy link
Member

addaleax commented Jan 28, 2019

@danbev

This comment has been minimized.

Copy link
Member

danbev commented Jan 29, 2019

Landed in 7898238.

@danbev danbev closed this Jan 29, 2019

pull bot pushed a commit to zys-contribs/node that referenced this pull request Jan 29, 2019

policy: ensure workers do not read fs for policy
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

PR-URL: nodejs#25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

targos added a commit that referenced this pull request Jan 29, 2019

policy: ensure workers do not read fs for policy
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

PR-URL: #25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

@targos targos referenced this pull request Jan 29, 2019

Merged

v11.9.0 proposal #25802

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment