doc: add note on weakness of permission model #54268
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tniessen
added
security
|
Review requested:
|
RafaelGSS
reviewed
Aug 8, 2024
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
tniessen
force-pushed
the
doc-permission-model-no-security
branch
from
c31c39e
to
3c9de5f
Compare
RafaelGSS
reviewed
Aug 13, 2024
Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code.
tniessen
force-pushed
the
doc-permission-model-no-security
branch
from
3c9de5f
to
c2f33ba
Compare
RafaelGSS
approved these changes
Aug 14, 2024
tniessen
added
author ready
nodejs-github-bot
removed
the
commit-queue
|
Landed in 97f39eb |
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 19, 2024
Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code. PR-URL: #54268 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Merged
RafaelGSS
pushed a commit
that referenced
this pull request
Aug 21, 2024
Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code. PR-URL: #54268 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code.
Specifically, JavaScript code can interface with libuv through a file descriptor and execute arbitrary native code. This problem was found by @leesh3288 who submitted a well-written report on the security impact of this issue.
(I am not convinced that we should present this feature as a security mechanism at all at this point because I am quite unsure what guarantees it provides, but this PR just adds a remark on malicious code.)