Replies: 1 comment 1 reply
-
|
Correct. Using less powerfull restrictions like --allow-net is not really safe if you also have more dangerous permissions like --allow-write or --allow-run enabled. If you --allow-write, you need to assume malicious code can potentially modify files to do stuff like enable --allow-net just as you described. Note that --allow-write and --allow-run have optional allow lists which can be used to limit what files can be written to, or executed. |
Beta Was this translation helpful? Give feedback.
-
|
The solution is simple, don't allow wildcard access to your filesystem but only to the specific folders you want the program to have access to |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I think something weird. If deno can disallow a code to be executed without having access to internet, the code could just modify deno's codes if the code have manage files perms so the code have access to internet. Does this actually work?
I think this will works if there's a program that will re-execute the code after the code kill its process after editing deno's codes.
Or the code could just make another process, kill its process and then the another process will re-execute the code.
Sorry if I make a lot of mistakes regarding deno in my sentences, I mainly use node so I don't know much about deno.
Beta Was this translation helpful? Give feedback.
All reactions