Enforce permissions on kill(), homeDir() and execPath (#2723)

4 files changed, 24 insertions, 3 deletions

diff --git a/cli/ops.rs b/cli/ops.rs
index 06c4eae99..410f15a4c 100644
--- a/cli/ops.rs
+++ b/cli/ops.rs
@@ -1053,10 +1053,12 @@ fn op_close(
 }
 
 fn op_kill(
-  _state: &ThreadSafeState,
+  state: &ThreadSafeState,
   base: &msg::Base<'_>,
   data: Option<PinnedBuf>,
 ) -> CliOpResult {
+  state.check_run()?;
+
   assert!(data.is_none());
   let inner = base.inner_as_kill().unwrap();
   let pid = inner.pid();
diff --git a/js/os.ts b/js/os.ts
index e7d588a52..551cb1ea6 100644
--- a/js/os.ts
+++ b/js/os.ts
@@ -13,7 +13,9 @@ export let pid: number;
 /** Reflects the NO_COLOR environment variable: https://no-color.org/ */
 export let noColor: boolean;
 
-/** Path to the current deno process's executable file. */
+/** Path to the current deno process's executable file.
+ * Requires the `--allow-env` flag, otherwise it'll be set to an empty `string`.
+ */
 export let execPath: string;
 
 function setGlobals(pid_: number, noColor_: boolean, execPath_: string): void {
@@ -145,7 +147,7 @@ export function start(
 
 /**
  * Returns the current user's home directory.
- * Does not require elevated privileges.
+ * Requires the `--allow-env` flag.
  */
 export function homeDir(): string {
   const builder = flatbuffers.createBuilder();
diff --git a/js/process.ts b/js/process.ts
index ce6a05760..0629b26b0 100644
--- a/js/process.ts
+++ b/js/process.ts
@@ -55,6 +55,7 @@ async function runStatus(rid: number): Promise<ProcessStatus> {
 /** Send a signal to process under given PID. Unix only at this moment.
  * If pid is negative, the signal will be sent to the process group identified
  * by -pid.
+ * Requires the `--allow-run` flag.
  */
 export function kill(pid: number, signo: number): void {
   const builder = flatbuffers.createBuilder();
diff --git a/js/process_test.ts b/js/process_test.ts
index 874f59a81..69b904b73 100644
--- a/js/process_test.ts
+++ b/js/process_test.ts
@@ -321,6 +321,22 @@ test(function signalNumbers(): void {
 
 // Ignore signal tests on windows for now...
 if (Deno.platform.os !== "win") {
+  test(function killPermissions(): void {
+    let caughtError = false;
+    try {
+      // Unlike the other test cases, we don't have permission to spawn a
+      // subprocess we can safely kill. Instead we send SIGCONT to the current
+      // process - assuming that Deno does not have a special handler set for it
+      // and will just continue even if a signal is erroneously sent.
+      Deno.kill(Deno.pid, Deno.Signal.SIGCONT);
+    } catch (e) {
+      caughtError = true;
+      assertEquals(e.kind, Deno.ErrorKind.PermissionDenied);
+      assertEquals(e.name, "PermissionDenied");
+    }
+    assert(caughtError);
+  });
+
   testPerm({ run: true }, async function killSuccess(): Promise<void> {
     const p = run({
       args: ["python", "-c", "from time import sleep; sleep(10000)"]