/node

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

policy: ensure workers do not read fs for policy #25710

Closed
wants to merge 1 commit into
base: master
from

Conversation

Reviewers

@addaleax addaleax

@joyeecheung joyeecheung

Assignees
No one assigned
Labels
author ready process worker
Projects
None yet
Milestone
No milestone
5 participants
@bmeck @nodejs-github-bot @joyeecheung @addaleax @danbev
@bmeck
Copy link
Member

bmeck commented Jan 25, 2019

This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

This prevents a main file of:

// find the file
const policyPath = findPath(process.execArgv);

// rewrite with out new escalated privileges
fs.writeFileSync(policyPath, modifiedPolicy);

// spawn worker to get the modified policy
new Worker(...);
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
@bmeck
policy: ensure workers do not read fs for policy 
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.
Loading status checks…
101df42
@nodejs-github-bot

@nodejs-github-bot nodejs-github-bot added process worker labels Jan 25, 2019

@bmeck bmeck requested review from addaleax and joyeecheung Jan 25, 2019

@addaleax

addaleax approved these changes Jan 25, 2019
View changes

@joyeecheung

joyeecheung approved these changes Jan 28, 2019
View changes

@joyeecheung

This comment has been minimized.

Sign in to view
Copy link
Member

joyeecheung commented Jan 28, 2019

CI: https://ci.nodejs.org/job/node-test-pull-request/20372/
@addaleax

This comment has been minimized.

Sign in to view
Copy link
Member

addaleax commented Jan 28, 2019

Resume CI: https://ci.nodejs.org/job/node-test-pull-request/20390/

@addaleax addaleax added the author ready label Jan 28, 2019

@danbev

This comment has been minimized.

Sign in to view
Copy link
Member

danbev commented Jan 29, 2019

Landed in 7898238.

@danbev danbev closed this Jan 29, 2019

pull bot pushed a commit to zys-contribs/node that referenced this pull request Jan 29, 2019

@bmeck @danbev
policy: ensure workers do not read fs for policy 
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

PR-URL: nodejs#25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Loading status checks…
7898238

targos added a commit that referenced this pull request Jan 29, 2019

@bmeck @targos
policy: ensure workers do not read fs for policy 
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

PR-URL: #25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Verified
This commit was signed with a verified signature.
@targos targos Michaël Zasso
GPG key ID: 770F7A9A5AE15600 Learn about signing commits
f3179f7

@targos targos referenced this pull request Jan 29, 2019

Merged

v11.9.0 proposal #25802

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment