Skip to content

policy: ensure workers do not read fs for policy #25710

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

policy: ensure workers do not read fs for policy #25710

wants to merge 1 commit into from

Conversation

bmeck
Copy link
Member

@bmeck bmeck commented Jan 25, 2019

This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

This prevents a main file of:

// find the file
const policyPath = findPath(process.execArgv);

// rewrite with out new escalated privileges
fs.writeFileSync(policyPath, modifiedPolicy);

// spawn worker to get the modified policy
new Worker(...);
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@bmeck
policy: ensure workers do not read fs for policy
101df42 
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.
@nodejs-github-bot
Copy link
Collaborator

@bmeck build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/2390/pipeline

@nodejs-github-bot nodejs-github-bot added process Issues and PRs related to the process subsystem. worker Issues and PRs related to Worker support. labels Jan 25, 2019
@bmeck bmeck requested review from addaleax and joyeecheung January 25, 2019 18:30
@joyeecheung
Copy link
Member

CI: https://ci.nodejs.org/job/node-test-pull-request/20372/

@addaleax
Copy link
Member

Resume CI: https://ci.nodejs.org/job/node-test-pull-request/20390/

@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 28, 2019
@danbev
Copy link
Contributor

danbev commented Jan 29, 2019

Landed in 7898238.

@danbev danbev closed this Jan 29, 2019
targos pushed a commit that referenced this pull request Jan 29, 2019
@bmeck @targos
policy: ensure workers do not read fs for policy
f3179f7 
This prevents a main thread from rewriting the policy file and loading
a worker that has a different policy from the main thread.

PR-URL: #25710
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
@targos targos mentioned this pull request Jan 29, 2019
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@addaleax addaleax addaleax approved these changes

@joyeecheung joyeecheung joyeecheung approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. process Issues and PRs related to the process subsystem. worker Issues and PRs related to Worker support.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bmeck @nodejs-github-bot @joyeecheung @addaleax @danbev