undefined | Better HN

0 pointsgoldsteinq4y ago0 comments

It’s arguably worse than Node because Node doesn’t pretend to provide any security. With Deno you may be tempted to think that permission to run specific command actually means that program can’t run some other command (it can, and doing this doesn’t even require _clever_ hacks: Deno uses binary name instead of the full path in it’s permission system, so you only need to change $PATH for the child process).

0 comments

lucideer4y ago

The Deno docs say:

> make sure you carefully consider if you want to grant a program --allow-run access: it essentially invalidates the Deno security sandbox

Saying Deno shouldn't "pretend" (or attempt) to provide more security because a non-default flag invalidates the sandbox (as stated clearly in the docs for that flag) seems slight hyperbole.

It would admittedly be cool if we could use this flag securely (though I'm sure the implementation complexity would be significant, and more code surface area is never nice to audit).

j / k navigate · click thread line to collapse

0 pointsgoldsteinq4y ago0 comments

0 comments

lucideer4y ago

The Deno docs say:

> make sure you carefully consider if you want to grant a program --allow-run access: it essentially invalidates the Deno security sandbox

Saying Deno shouldn't "pretend" (or attempt) to provide more security because a non-default flag invalidates the sandbox (as stated clearly in the docs for that flag) seems slight hyperbole.

It would admittedly be cool if we could use this flag securely (though I'm sure the implementation complexity would be significant, and more code surface area is never nice to audit).

j / k navigate · click thread line to collapse